Study: 92% of Healthcare Firms Hit by Cyberattacks This Year


Healthcare organizations should rethink some of their approach to security, particularly by enhancing their focus on insider threats, improving cyber awareness training, and securing mobile applications and devices, said Ryan Witt, vice president of industry solutions at Proofpoint, discussing findings of a newly released study.

The third annual study – Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2024 – was sponsored by Proofpoint and conducted by research firm Ponemon Institute in March and April, surveying 648 respondents employed as IT or IT security practitioners at healthcare organizations.

Among some of the most concerning findings was that 92% of respondents said they have experienced at least one cyberattack in the last 12 months, up from 88% last year. The average number of attacks was 40. Some of those attacks were stopped before escalating. Others were not, Witt said.

“Criminal organizations think about their attack activity. They’re trying to maximize their time, their investment, and they have found that attacks that are human-centric attacks – attacking people and how they work – to be the most impactful way for them to get into an organization,” he said. “Getting access to credentials is the nirvana state for the threat actor.”

Cybercriminals then get to work on compromising network infrastructure, move laterally through the network to find areas of weaknesses or areas for exploitation and theft of the crown jewels – “those assets that can be most monetizable, whether it’s just a payment redirect, access into to clinical research, access to patient data – whatever their motivation might be.”

In this interview with Information Security Media Group (see audio link below photo), Witt also discussed:


  • Other key findings from the report, including attack trends involving supply chains, mobile apps, cloud environments and business email compromise;

  • The direct impact of ransomware and other cyberattacks on patient care;

  • Trends involving ransom payouts in healthcare;

  • How the Change Healthcare ransomware attack in February affected the healthcare sector, including survey respondents;

  • Top cybersecurity action items for defenders in the healthcare sector.

Witt is responsible for the strategy and solutions for the company’s healthcare business. He chairs Proofpoint’s healthcare advisory board and is a member of the HIMSS Cybersecurity, Privacy and Security Committee. Witt has held healthcare leadership positions at Fortinet and Juniper Networks.



Source link

Leave a Comment