- Cybersecurity concerns continue to hound healthcare organizations, with 62% of executives reporting a cyberattack in the past year and more than half of those losing patient data, a new Ponemon Institute survey shows.
- Average annual spend on IT rose from $23 million in 2016 to $30 million today, with more of that going to cybersecurity efforts.
- Yet despite growing threats, just half of the 627 leaders surveyed said their organization has a chief information security office, while three-fourths complained of insufficient cybersecurity staffing.
The findings echo other recent surveys. In December, Black Book Market Research reported eight in 10 healthcare organizations lack a C-suite level leader to manage cybersecurity enterprise-wide and just 11% plan to add one in 2018. Providers also lagged in adopting cybersecurity best practices, with 54% conceding they don’t conduct routine risk assessments.
The Ponemon survey also shows similar gaps in preparedness, with 51% of respondents reporting their organizations have no incident response program to mitigate damage and prevent attacks from occurring again.
Organizations were equally concerned about internal (64%) and external (63%) attacks. The top five targets of hackers, according to the survey, are patient medical records (775), patient billing information (56%), log-in credentials (54%), password and other authentication credentials (49%) and clinical trials and other research information (45%).
Last year saw a wave of cyberattacks ranging from the global WannaCry attack that froze computers at U.K. hospitals and disrupted businesses in 104 countries to a strain of Peyta that hit European and U.S. targets and a breach at Banner Health that compromised the personal information of 3.7 million people.
The threat shows no signs of abating this year. In January, a ransomware attack crippled computers at Greenfield, Indiana-based Hancock Health. The same month, West Virginia-based Coplin Health Systems reported that personal information of 43,000 patients may have been breached after someone stole an encrypted laptop from an employee’s car.
The Ponemon survey was conducted in collaboration with cybersecurity solutions provider Merlin International.