Skip to main content
Healthcare Innovation
RAJIV LEVENTHAL | JUNE 17, 2019

More than eight in ten (83 percent) healthcare organizations have acknowledged they have seen an increase in cyberattacks over the past year, with about two-thirds noting that these attacks have become more sophisticated, according to a new survey.

The research from cybersecurity company Carbon Black included responses from 20 healthcare CISOs (chief information security officers) and one of the core takeaways was that “with increased adoption of medical and IoT devices, the surface area for healthcare attacks is becoming even larger. The problem has been further compounded by limited cybersecurity staffing and stagnant cybersecurity budgets in the industry.”

However, researchers also noted that the awareness of healthcare’s cybersecurity problem has never been higher. “While the industry has traditionally lagged when compared with, say, finance or retail, the healthcare ransomware attacks of 2017 (and the many others to follow) served as a clarion call that too many cyber-attackers do not adhere to the principle of ‘do no harm.’”

Other key findings from the report include:

  • Last year, Carbon Black’s healthcare customers saw an average of 8.2 attempted cyberattacks per endpoint each month, according to Carbon Black’s data.
  • Nearly half (45 percent) of surveyed healthcare organizations said they’ve encountered attacks where the primary motivation was destruction of data over the past year.
  • Two-thirds (66 percent) of surveyed healthcare organizations said their organization was targeted by a ransomware attack during the past year.
  • When asked, “What is the biggest concern to your organization?” the top answers in the survey were: compliance (33 percent); budget and resource restrictions (22 percent); loss of patient data (16 percent); vulnerable devices (16 percent); and inability to access patient data (13 percent).
  • 84 percent of surveyed healthcare organizations said they train their employees on cybersecurity best practices at least once per year. Nearly half (45 percent) said they conduct training multiple times per year for employees.
  • When asked to self-grade their organization’s cybersecurity posture, the top three answers were: C (33 percent), B (25 percent) and B- (16 percent).

The report’s authors concluded. “Regular education of employees, greater awareness of modern threats and the prospect of building out larger threat hunting teams can all go a long way in helping to curb attacks. As we’ve learned from this survey of some of the world’s leading healthcare CISOs, it does not appear that the volume and frequency of attacks will be abating anytime soon.”