It is common knowledge that the healthcare industry has been facing a series of condemnatory cyber security issues – whether it is about a lack of funding for cyber security protection, or the effects of yet another breach on an unsuspecting hospital’s data, the deluge never seems to end. This most recent report not only adds another chapter to this unfortunate saga, but it showcases the lag between healthcare and every other industry in the greater economy.
UpGuard publishes a report every year detailing over 7,000 results from cross-industry company audits on their current cyber security standing. Through their CSTAR scoring system, the company’s cyber security protection is ranked on a scale from 0 – 950. For the purpose of this report, the healthcare industry firms investigated range from insurers to hospitals to pharmaceutical companies. The average score landed at 420, showcasing the very obvious vulnerabilities within many of the industry’s subsections.
The unfortunate part about this report is that not only does it further cement the cyber insecurities of the healthcare industry within the mind of the consumer, but the solutions listed are fairly simple to implement and yet these institutions don’t have the funds, manpower or time to do anything!
For example, healthcare networks are victim to a number of phishing attacks. An unsuspecting employee or administrator opens up an email that seems to be from a legitimate source and suddenly they are thrust in the middle of an unfortunate breach where data has to be replaced, recreated, or returned in exchange for a ransom payment. And, even if these firms do have security hardware in place, most of the time the necessary upgrade requirements are never met and the once protective hardware becomes a huge paperweight.
Mid-sized hospitals seem to be targeted the most – smaller hospitals most likely won’t have the funds to pay a ransom even for their most vital data, and larger hospitals have security protocols in place that creates a harder breach topic. With estimates that the 2015 breaches in this sector alone – with 113 million medical records stolen – could cost the industry as much as $6.2 Billion, something needs to be done within these organizations and the healthcare industry at large to not only protect these vital services but the data they hold as well.