Proofpoint Study Shows That Healthcare Organizations Are Prime Targets To Be Pwned

Posted in Commentary with tags on October 13, 2023 by itnerd

According to a report conducted by the Ponemon Institute for Proofpoint, 88% of the 653 health care IT and security practitioners in the study had experienced an average of 40 attacks in the past 12 months, with the average total cost of successful cyber attacks reaching almost $5 million.

  • 66% reported disruptions to patient care
  • 57% observed poor patient outcomes due to delays in procedures and tests
  • 50% saw an increase in medical procedure complications
  • 23% claimed an increased patient mortality rate

All organizations surveyed had at least one data incident involving confidential health care data within the past two years, with malicious insiders identified as the most likely cause by 32% of respondents. Survey respondents named a lack of cybersecurity expertise (58%) and insufficient staffing (50%) as the two biggest challenges they faced.

The majority of health care providers are relatively small to midsized organizations that devote most of their resources to patient care, noted Ryan Witt, chair of the Healthcare Customer Advisory Board at Proofpoint.

Ted Miracco, CEO, Approov Mobile Security had this comment:

   “The challenges faced by healthcare organizations in addressing cybersecurity include a lack of cybersecurity expertise and insufficient budget and staffing. These challenges need to be addressed to ensure effective security measures are in place, especially in the critical areas of mobile app and API vulnerabilities and the persistent phishing and business email compromise (BEC) attacks. With the average cost of a cyber attack reaching almost $5 million, it makes sense for these organizations to invest ahead of the attack versus spending money to remediate after the patient data has been exfiltrated and other damage has been done.”

Emily Phelps, Director, Cyware follows with this:

   “Healthcare is a consistently attractive target for threat actors because of the valuable data they collect and store. Adversaries far outnumber available cybersecurity pros so to mitigate the risks, healthcare organizations must leverage automation tools that enable lean security teams to efficiently address threats; employees should have regular security awareness training so they are prepared to recognize and avoid common threat tactics; and organizations should consider partnering with security providers that can offer expertise that is difficult to source and retain internally.”

Jan Lovmand, CTO, BullWall provided this comment:

   “Hospitals and healthcare organizations are particularly attractive targets for cybercriminals, and their reliance on technology to manage everything from patient records to surgical equipment makes them uniquely vulnerable. This is compounded by their limited resources to invest in cybersecurity measures. But with ransomware continuing to be a significant threat to these organizations, investments must be made to contain these attacks, eliminating the need to resort to a complete shutdown of IT systems, and healthcare services.”

Healthcare organizations are prime targets. That shouldn’t be in dispute at this point. But clearly the right resources are not being applied to stop these organizations from getting pwned. That needs to change. And change quickly.