Healthcare News & Insights

Study says cyberattacks are on the rise — now what?

There’s another reason to worry about your data security — research shows cyberattacks have become the top cause of breaches. 

That’s according to the Ponemon Institute in its yearly survey on data breaches and healthcare providers’ protected health information (PHI) security.

Fortunately, the new report also gives hospital execs an idea of where they need to focus their prevention efforts going forward.

Growing cyberattack threat

The nonprofit research group surveyed about 90 healthcare organizations and, for the first time, looked into the security practices of organizations’ business associates.

In past years when Ponemon conducted this study, the leading causes of data breaches were related to human error – like lost or stolen electronic devices – or technical glitches exposing systems.

Despite some recent high-profile hacking-related breaches, it was still relatively uncommon for a hospital to be breached by some form of criminal action. However, the frequency of cyberattacks has been steadily rising.

Over the last five years, researchers saw cyberattacks increase 125%.

Specifically, researchers found:

  • 45% of respondents said a cyberattack was the root cause of a data breach
  • 43% said their breach was caused by lost or stolen devices.

The most common cyberattacks providers ran into included:

  • Spear phishing/fraudulent email schemes – 88%, and
  • Malware attacks – 78%.

Most common prevention

Regardless of their origin, breaches are becoming more common among providers. Around 40% of respondents said they’d had five or more data breaches in the last two years.

And it’s not just the frequency of breaches that is rising, researchers said. The financial costs of breaches have also risen.

As the report highlights, it’s more important than ever that hospital leaders take preventive measures. While making a system fool-proof against breaches is difficult, showing your security methods is an important factor for keeping fines down.

In particular, hospitals may want to train staff to recognize email phishing schemes and conduct a self-assessment if they haven’t done so recently.

Self-audits may seem basic, but they’re still a key security step. About 69% of respondents in the study said they’d found a data breach by conducting a self-audit on their operations. Employee detection and patient complaints were the next highest responses.

However, cyberattack breaches often go unnoticed for months. So by the time an employee or patient notices a possible breach, the exposure has been around a lot longer. That’s why periodic audits and security monitoring are so crucial to PHI security.

But many hospitals struggle with that kind of security upkeep.

One of the biggest obstacles to securing PHI that respondents noted was resources. Many felt like their organization’s breach prevention programs were limited by a lack of funds, staff and other resources.

So hospital leaders who haven’t done so in a while should touch base with their security and HIPAA compliance teams to see what improvements may need to be made and what kind of materials are needed to achieve those goals.
