Is your organization leaving itself open to a cyber-attack? With as many as 81 percent of health care executives reporting that their organizations were compromised by cyber-attacks over the past two years, the answer seems clear. Attacks appear to be on the rise, according to findings in the 2015 KPMG Healthcare Cybersecurity Survey, which indicates that many health care organizations have yet to take the necessary steps to prepare for cyber-attacks, as only half of health care providers reported that they felt adequately prepared to prevent future attacks.
Various executives from health care providers and health care plans were polled by KPMG in the survey, which found that while the number of attacks is rising, the level of preparedness appears to be lagging. Thirteen percent of health care organizations reported facing daily external attack attempts and 12 percent reported two or more weekly attacks. KPMG also noted a particularly “concerning” finding that 16 percent of health care organizations reported not being able to detect in real-time whether their systems were being compromised. Additionally, only 53 percent of health care providers reported being ready for cyber-attacks, while 66 percent of health care plan executives reported being prepared.
Greg Bell, leader of KPMG’s Cyber Practice stated, “Health care organizations that can effectively track the number of attempts have less cause for worry than those who may not detect all of the threats against their systems.” He added, “The experienced hackers that penetrate a vulnerable health care organization like to remain undetected as long as they can before extracting a great deal of content, similar to a blood-sucking insect.”
The most frequently reported type of attack in the past 12 to 24 months came in the form of malware, which is software that is designed to provide access to private computer systems. Additionally, 26 percent of respondents reported suffering attacks, by which computers were hijacked to send spam or to attack other systems.
The survey found that the areas of greatest vulnerabilities in data security included threats posed by external attackers, data sharing with third parties, employee breaches, wireless computing, and firewall infrequency.