A report by IBM has found that healthcare is one of the industries most targeted by cyber criminals. These attacks show no sign of slowing down, with cyber crime increasing at an alarming rate – up 37% in January-March 2022 compared with the same period in 2021.
This is highlighted in a separate study by Ponemon Institute and Proofpoint, in which 89% of respondents reported at least one cyber attack within the past year, with the average attack costing companies $4.4 million. And the repercussions of these attacks can expand far beyond monetary loss. The same study revealed that almost a quarter of healthcare organisations that fell victim to ransomware experienced an increase in patient mortality.
So why is healthcare being targeted? There are a number of reasons, one of which is the sector's broad attack surface. On average, healthcare organisations have over 26,000 network-connected devices, meaning that attackers have a huge range of avenues of attack. An added difficulty with so many network-connected devices is that many of these systems are ageing and may be running outdated software – easy pickings for cyber criminals. Healthcare organisations also hold vast amounts of sensitive information on patients, making them very tempting targets.
It must be mentioned, though, that while larger organisations have larger attack surfaces and hold greater amounts of sensitive data, they also have larger cyber security budgets. Smaller organisations, on the other hand, often make easier targets and are targeted just as often as larger organisations.
So what can companies do to protect themselves? There is no quick answer: a combination of highly trained and cyber secure people, processes, and technology is needed. Staff need to be trained to recognise and respond appropriately to cyber incidents, processes must be designed with cyber security in mind, and appropriate technology must be used to remain at least one step ahead of the attackers.
Vertex Cyber Security works with many organisations in the healthcare space, helping them with everything from staff training to becoming ISO 27001 certified. Feel free to contact us on 1300 2 CYBER (29237) if you’d like to know how we can help.