by
Gus Iversen, Editor in Chief | August 26, 2015
A new survey sheds sobering light on the uptick in cyber attacks attempted on health facilities and the helplessness with which many of these institutions face the growing threat.
By polling 223 C-level hospital executives, the 2015 KPMG Healthcare Cybersecurity Survey determined that 81 percent of them believe their facility has been compromised by some form of cyber attack or another in the past two years.
"Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed," said Michael Ebert, leader in KPMG's Healthcare and Life Sciences Cyber Practice.
Ebert believes a key goal for execs is to advance their institutions' protection by creating hurdles for hackers, but as spending increases on cyber-security, so too do the efforts of predators.
Those attempts — whether taking the form of malware, botnet, (in which computers are hijacked to issue spam or attack other systems) or other external hacking efforts — are happening more than once a week according to 25 percent of the executives surveyed. For 13 percent of them, these attempts are happening virtually every day.
"Health care organizations that can effectively track the number of attempts have less cause for worry than those who may not detect all of the threats against their systems," said Greg Bell, who leads the KPMG Cyber Practice.
Unfortunately, only 16 percent of those surveyed said their facility could detect a system compromise in real time.
With regard to readiness, larger institutions are typically more prepared than smaller ones. Among executives at health plans, 66 percent said they were prepared, while only 53 percent of providers said they were ready.
According to 65 percent of the respondents, malware is the most frequently reported form of attack, followed by botnet with 26 percent.
In descending order, the report found that the main vulnerabilities lay in external attackers, sharing data with third parties, employee breaches, wireless computing, and inadequate firewalls.
In his statement, Bell offered a chilling comparison. "The experienced hackers that penetrate a vulnerable health care organization like to remain undetected as long as they can before extracting a great deal of content, similar to a blood sucking insect."
Spending on cyber security has risen at most institutions, but Bell emphasizes that the spending must be customized to an individual facility's strategy. "There are no cookie cutter approaches to security," he said.
Back to HCB News
