The global healthcare sector experienced more than three times as many security incidents as the average industry and is twice as likely to encounter data theft, according to a report.
The Raytheon|Websense Security Labs 2015 Healthcare Drill-Down said that the healthcare sector experienced 340 per cent more information security incidents and attacks than other industries due to the proliferation of electronic health records with sensitive data.
Patient information was found to be 10 times more valuable on the black market, while the data-heavy healthcare environment makes the sector more attractive to cybercriminals, the report said.
Regarding specific incidents, the report found that one in every 600 attacks in the healthcare sector involved advanced malware, with the sector four times more likely to be impacted by advanced malware than any other industry due to restricted budget and a lack of skills around detection, mitigation and prevention.
Healthcare was also 74 per cent more likely to be impacted by phishing schemes due to a lack of effective security awareness training for employees. The sector is also 4.5 times more likely to be impacted by Cryptowall and three times more likely to be impacted by Dyre, known for previous exploits in the financial sector.
The new metrics follow a separate Websense report last year that identified a 600 per cent increase in cyber-attacks against hospitals within a 10-month period.
There have been numerous high-profile breaches of sensitive medical data this year, including a major incident where health contractor Luxottica Retail Australia sent the medical records of Australian Defence personnel to China. This month, more than 10 million records were exposed in a data breach of health insurer Excellus BlueCross BlueShield and a partner company.
The report revealed that healthcare is becoming increasingly vulnerable as the next wave of connected devices hits an already complex technology environment.
“While the finance and retail sectors have long honed their cyber defences, our research illustrates that healthcare organisations must quickly advance their security posture to meet the challenges inherent in the digital economy – before it becomes the primary source of stolen personal information,” said Carl Leonard, Raytheon|Websense principal security analyst.
Leonard described the new digitisation of the healthcare sector as the “perfect storm” where electronic records are relatively new, data is both incredibly sensitive and very valuable to malware authors, and data needs to be readily accessible to authorised stakeholders to carry out safe and efficient healthcare.
“It’s very difficult in a business environment where data is so critical, and if it’s not available then the patient can suffer, so all these things working together make for a huge challenge for healthcare,” he told CIO.
The large number of data breaches affecting healthcare this year has been a wake-up call for the sector, Leonard said.
“They’re already very aware of the regulatory bodies that impose certain best practice and frameworks on how to protect that data, but given that the threat landscape has changed so significantly, security must become a priority.
“They’re trying to deliver fantastic patient care and often security is considered a hindrance to that core business function. But if you have good security and are protecting your environment then you’re actually able to better deliver patient care.”