Archive for January 25, 2025

Data Privacy Week Starts On Monday

Posted in Commentary with tags on January 25, 2025 by itnerd

Whether you’re in IT, healthcare, government, or finance, every industry that handles sensitive data or critical systems benefits from protecting its data. We are reminded of this every time we see a new breach in the news, and especially during Data Privacy Week, which is next week and helps to further empower everyone to protect our privacy online.

I have a pair of comments on Data Privacy Week from industry experts:

Evan Dornbush, former NSA cybersecurity expert:

“This is a great time for developers and product leads to remember, ‘if you don’t collect it, it can’t find its way into a breach,’ and be mindful of how much information is captured and stored that may be a liability to the business rather than an asset. For end users, in the past few months, we’ve seen clear-text SMS messages and call data records, some dating back as far as seven years, disclosed in telecom hacks. Encrypted options for video, voice and text exist and are now being promoted by professionals and government groups alike.”

Jawahar Sivasankaran, President at Cyware:

“Data Privacy Week is a good opportunity to reflect on how security and privacy go hand-in-hand. Threat intelligence is a critical part of protecting sensitive data – it helps us identify and respond to risks before they turn into tangible threats. A strong security posture is essential for safeguarding privacy, and this week underscores the need to integrate both into your strategy. Protecting data is about more than compliance; it’s about being proactive in identifying and mitigating risks to keep both privacy and security intact.”

The website that I linked to above has a ton of great resources that you can use to take more control of your data. Feel free to check them out.

Healthcare In 2024: 84% detected a cyberattack and 46% will prioritize automation in 2025

Posted in Commentary with tags on January 25, 2025 by itnerd

In a recent report published by Netwrix, the cybersecurity firm surveyed 1,309 security professionals globally and found that 84% of organizations in the healthcare sector observed a cyberattack on their infrastructure within the last 12 months. 

Phishing and account hijacking were the most common types of incidents experienced. Of those that spotted a cyberattack, 74% of healthcare organizations reported user or admin account compromise compared to 44% of organizations with on-premises infrastructure.

  “Healthcare workers regularly communicate with many people they do not know — patients, laboratory assistants, external auditors and more — so properly vetting every message is a huge burden. Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients. Combined, these factors can lead to a higher rate of security incidents,” says Dirk Schrader, VP of Security Research and Field CISO EMEA at Netwrix.

The report also found that a cyberattack resulted in financial damage for 69%, compared to 60% for other industries. 57% estimated financial damage of greater than $10,000, with 36% stating the financial damage was greater than $50,001.

Automation of manual IT processes ranked third for the healthcare sector behind data and network security, with 46% of respondents stating it as one of their top priorities for 2024.

An expert with Cyware offers perspective on the matter.

Emily Phelps, Director, Cyware had this to say:

  “This is a reminder that securing healthcare infrastructures goes beyond just protecting data—it’s about safeguarding the entire ecosystem of communication, collaboration, and critical patient care. With many healthcare workers juggling multiple interactions daily, it’s clear that robust threat intelligence management and training programs are crucial in equipping staff to spot and mitigate these threats. Moreover, automating IT processes can help reduce human error, which is often exploited by attackers, and streamline defenses in an industry under constant pressure. Effective threat intelligence sharing and collective defense are essential to fortifying healthcare networks and minimizing the impact of these attacks.”

Unfortunately, healthcare is a target-rich environment for threat actors. This paradigm needs to change, and fast. Otherwise, some of the most important data that relates to all of us will be forever under threat.