Health-care organizations are increasingly under attack by cyber criminals, and health-care executives are struggling to safeguard patient records.
That’s according to the 2015 KPMG Healthcare Cybersecurity Survey, which polled 223 chief information officers, chief technology officers, chief security officers and chief compliance officers at health-care providers and health plans.
Some 81 percent of health-care executives said their organizations have been compromised by at least one malware, botnet or other cyberattack during the past two years, and only half feel that they are adequately prepared in preventing attacks.
Scott Crawford, research director of the Information Security practice at 451 Research, tells Channel Partners the findings point to numerous opportunities for the channel to help these organizations step up their security measures.
The individual user and his or her system are often the target of attacks, so the channel can help organizations focus on protecting end-user points, he said. Technology that can detect anomalous activity of users would be useful to organizations, he added..
“It’s not just a technology problem,” Crawford said. “There’s also a big shortage of qualified security expertise. So the channel can help supplement that through providing expertise, consulting or as simple as staff augmentation as well.”
KPMG found the number of attacks increasing, with 13 percent saying they are targeted by external hack attempts about once a day and another 12 percent seeing about two or more attacks per week. More concerning, 16 percent of health-care organizations said they cannot detect in real time if their systems are compromised.
Greg Bell, who leads KPMG’s Cyber Practice, said that many organizations not seeing frequent cyberattacks may underestimate the threat.
“The experienced hackers that penetrate a vulnerable health-care organization like to remain undetected as long as they can before extracting a great deal of content, similar to a blood-sucking insect,” he said.
Patient records are far more valuable than credit-card information for people who plan to commit fraud since the personal information cannot be easily changed, according to the survey.
Malware was the most frequently reported line of attack during the past 12 to 24 months, according to 65 percent of survey respondents. Botnet attacks were cited by 26 percent.
The areas with the greatest vulnerabilities within an organization include external hackers (65 percent), sharing data with third parties (48 percent), employee breaches (35 percent), wireless computing (35 percent) and inadequate firewalls (27 percent).
“There are no cookie-cutter approaches to security,” Bell said. “An organization with a mobile workforce may have a far different technology need from an organization that processes health care claims, for example.”