Healthcare Organizations Often Paying $1 Million for Cyberattacks
By Greg Freeman
More than a quarter of organizations have suffered a financial loss of at least $1 million from cyberattacks, according to research from cybersecurity company Claroty in New York City.
The healthcare industry is particularly vulnerable to cyberattacks, with more than three-quarters of healthcare organizations paying more than $500,000 in ransom as a result of cyberattacks, the report says.
The report is based on a survey of 1,100 professionals working in information security, operational technology engineering, clinical and biomedical engineering, and facilities management. (The full report is available online at https://bit.ly/4fapfKn.)
Half of the respondents said their vulnerability management and risk assessments were inadequate, says Ty Greenhalgh, industry principal with Healthcare Claroty. Those are the two measures with the most potential to reduce the probability of a breach, he says.
Health and Human Services is likely to require more risk analysis when it revises HIPAA because that is where organizations fail audits most of the time, he says.
“The slope of the curve for the number of breaches and the number of records exposed is really in the wrong direction. It’s going up, and I don’t see anything that is on the horizon that will change that except funded mandates,” Greenhalgh says. “Third-party access seems to be a big trend for where people are getting attacked from.”
Phishing and social engineering are coming down as attack vectors, whereas directly exploiting vulnerabilities is on a rise, he says.
“They’re almost equal now, with hospitals being targeted specifically,” Greenhalgh says. “They’re saying, ‘We’re going to get in that hospital. We’re not just throwing out some blanket email to the hospital we’re targeting. We’re coming in your doors.”
Source
- Ty Greenhalgh, Industry Principal, Claroty, Telephone: (757) 933-5928. Email: [email protected].
Greg Freeman has worked with Relias Media and its predecessor companies since 1989, moving from assistant staff writer to executive editor before becoming a freelance writer. He has been the editor of Healthcare Risk Management since 1992 and provides research and content for other Relias Media products. In addition to his work with Relias Media, Greg provides other freelance writing services and is the author of seven narrative nonfiction books on wartime experiences and other historical events.
More than a quarter of organizations have suffered a financial loss of at least $1 million from cyberattacks.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.