errors and omissions insurance Survey: Cyber Attacks Continue to Compromise Data at Healthcare Organizations, Facilities | Axis Error & Omission
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Survey: Cyber Attacks Continue to Compromise Data at Healthcare Organizations, Facilities


Survey Cyber Attacks Continue to Compromise Data at Healthcare Organizations, FacilitiesIn a recent survey, 81% of healthcare executives said that their organizations have been compromised by at least one malware, botnet, or other cyber attack during the past two years. This is not surprising considering the headline news we read on a regular basis – from the network breach at for-profit hospital network Community Health Systems in August 2014 in which more than 4.5 million patient records were stolen, to Anthem’s breach of nearly 80 million medical records that came to light in February 2015; to the beach at Premera Blue Cross in March in which 11 million medical and financial records were compromised; and most recently in July the revelation by UCLA Health System that 4.5 million patient records were at risk from a hacking discovered two months earlier.

The 2015 KPMG Healthcare Cybersecurity Survey, in polling 223 chief information officers, chief technology officers, chief security officers and chief compliance officers at healthcare providers and health plans, found the number of attacks are indeed increasing, with 13% saying they are targeted by external hack attempts about once a day and another 12% seeing about two or more attacks per week. Even more worrisome is that 16% of healthcare organizations said they cannot detect in real-time if their systems are compromised.

“Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed, said Michael Ebert, leader in KPMG’s Healthcare & Life Sciences Cyber Practice.

Where are the threats coming from?

Malware, software designed to disrupt or gain access to private computer systems, is the most frequently reported line of attack during the past 12 to 24 months, according to 65% of survey respondents. Botnet attacks, where computers are hijacked to issue spam or attack other systems, and “internal” attack vectors, such as employees compromising security, were cited by 26% of respondents.

In addition to external hackers, the areas with the greatest vulnerabilities within an organization include sharing data with third parties, employee breaches, wireless computing, and inadequate firewalls. Internal personnel represent the second-leading leading cause of electronic compromises. “Whether accidental or intentional, the fact remains that people always represent the single weakest link in any computer system,” states the report. People make mistakes, and their errors can be almost anywhere – from faulty designs, bad engineering, or weak configuration settings through to incomplete or outdated security architecture, failing to pay attention to technology alerts, or simply a lack of training and awareness of the new array of attacks. That is why today’s cyber attackers are targeting the “human in the loop.” Many do this through electronic means that target human weaknesses (such as malware, Trojan horses, and phishing expeditions).

In relation to an organization’s readiness in the face of a cyber attack, 66% of execs at health plans said they were prepared, while only 53% of providers said they were ready. Larger organizations, in terms of revenue, are better prepared than smaller ones. In addition, the KPMG survey found that spending to prevent cyber attacks has increased at most institutions. But the survey warns there are no cookie-cutter approaches to security. “An organization with a mobile workforce may have a far different technology need from an organization that processes healthcare claims, for example.”

Cyber security and a strategic response plan (which we will discuss in our next article) are critical in the healthcare sector. Equally critical is a sound Cyber Liability insurance plan. Axis Insurance Services offers Cyber Liability/Privacy & Network Security insurance for healthcare organizations and providers. We can provide you with a choice of coverage to tailor a robust Cyber insurance program for your facility or organization. Give us a call today at (877) 787-5258 to speak with one of our specialists.

 

Source: KPMG

Comments

comments

Blogged on: September 21, 2015 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions