The global healthcare sector experienced more than three times the number of security incidents than the average industry and is twice as likely to encounter data theft, according to a report.
The Raytheon|Websense Security Labs 2015 Healthcare Drill-Down said that the healthcare sector experienced 340 percent more information security incidents and attacks than other industries due to the proliferation of electronic health records with sensitive data.
Patient information was found to be 10 times more valuable on the black market, while the data-heavy healthcare environment makes the sector more attractive to cybercriminals, the report said.
Regarding specific incidents, the report found that one in every 600 attacks in the healthcare sector involved advanced malware, with the sector four times more likely to be impacted by advanced malware than any other industry due to restricted budget and a lack of skills around detection, mitigation and prevention.
Healthcare was also 74 percent more likely to be impacted by phishing schemes due to a lack of effective security awareness training for employees. The sector is also 4.5 times more likely to be impacted by Cryptowall and three times more likely to be impacted by Dyre, known for previous exploits in the financial sector.
The new metrics follow a separate Websense report last year that identified a 600 percent increase in cyber-attacks against hospitals within a 10-month period.
There have been numerous high profile breaches of sensitive medical data this year, including a major incident where health contractor Luxottica Retail Australia sent the medical records of Australian Defence personnel to China. This month, more than 10 million records were exposed in a data breach of health insurer Excellus BlueCross BlueShield and a partner company.
The report revealed that healthcare is only becoming increasingly vulnerable as the next wave of connected devices hits an already complex technology environment.
“While the finance and retail sectors have long honed their cyber defences, our research illustrates that healthcare organisations must quickly advance their security posture to meet the challenges inherent in the digital economy – before it becomes the primary source of stolen personal information,” said Carl Leonard, Raytheon|Websense principal security analyst.
Leonard described the new digitisation of the healthcare sector as the “perfect storm” where electronic records are relatively new, data is both incredibly sensitive and very valuable to malware authors, and data needs to be readily accessible to authorised stakeholders to carry out safe and efficient healthcare.
“It’s very difficult in a business environment where data is so critical, and if its not available then the patient can suffer, so all these things working together make for a huge challenge for healthcare,” he told CIO.
Sign up for CIO Asia eNewsletters.