A recent report by the non-governmental organization HIMSS, focused on improvements made in the health sector due to the introduction of information technology, has revealed that the sector is extremely vulnerable to cyber-attacks.
According to the report, two-thirds of those questioned (made up of industry professionals from around the world) confirmed that their organization had suffered a recent data attack. This is an alarming example of how valuable private patient information is to cybercriminals.
Information security continues to be a priority in IT strategies
The concern about the protection of confidential information is of increasing importance to those who work in the industry, and they are working harder to ensure that this information is kept secure and private. This is reflected in the survey as nearly 9 out of 10 stated that cyber-security has taken on a greater importance in their business in the last year.
Lisa Gallagher, vice-president of Technology Solutions at HIMSS, claims that “health organizations need to adapt quicker in order to defend themselves against cyber-attacks”. So, what does this involve? According to Gallagher, this means incorporating new tools and carrying out frequent analysis of its security processes. Fortunately, half of those questioned agreed that their company had undertaken steps to improve its online security, the protection of its endpoints, the loss of personal data, and disaster recovery. Despite the wealth of protection technology available, however, the majority of those questioned have doubts that their company can protect against attacks on its IT infrastructure and private data.
The use of antivirus and antimalware software is the most widespread
In general, according to the report, companies within the health sector use, on average, 11 different types of technology to guarantee their security. Furthermore, over half of these companies have employees dedicated to the management of private information and data.
This is a logical move considering that 42% of those questioned believe that there are new and growing threats that need to be detected and stopped. These threats have, in half of the cases, been detected by internal security systems. Just 17% of those surveyed admitted that security breaches had been detected by an external source, such as a patient whose information had been compromised.
Another important and positive detail that comes from the survey is the increased use of antivirus and antimalware software by companies (87% of those polled confirmed that their business had implemented the software). Not only this, but 80% also stated that their company was increasing its monitoring of online security to detect and investigate security breaches.
Consequences of attacks
With regards to security incidents, the majority (62%) have stemmed from a disturbance in the IT systems that has not only affected the IT operations, but also health care – albeit in a more limited way.
To have personnel available that are ready to detect and stop the attacks is vital. According to the report, 64% agree that not having skilled professionals on hand is a barrier against combating cyber-attacks.
The majority of those questioned (70%) also agree that phishing attacks, which are more and more frequent, and the spread of malware, are incentives to improve the protection of private information. In order to achieve this, 59% of those surveyed feel that it is important to share information about cyber-attacks with other sectors.
It is important to point out that these attacks aren’t just confined to the health sector. Many other companies have suffered breaches of security including Sony Pictures, which saw information stolen relating to employee salaries, unreleased films, and private mails between directors. Other businesses in the maritime oil industry have also suffered information theft, which we recently discovered at Panda Security.
Finally, an example of a company from the health sector that has suffered an attack is CareFirst BlueCross BlueShield, which offers medical services in the US states of Virginia, Maryland and Washington D.C. Last year the company found out that private information relating to over a million of its online users could have been compromised in a cyber-attack.