|View printer-friendly version|
|New Research Reveals Healthcare Providers Consider Email a Top Attack Vector|
Reflecting recent high-profile attacks, such as WannaCry and Petya, which in some cases shut down entire hospital operations, 83 percent of respondents say ransomware is the most concerning type of email-related threat, followed by other sophisticated threats in this order: malware, targeted attacks such as spear-phishing, and business email compromise.
Further, 97 percent of healthcare providers have a high level of concern about cybersecurity and resilience. Defined by the Cyber Resilience Think Tank as, “an organization’s capacity to adapt and respond to adverse cyber events – whether the events are external or internal, malicious or unintentional – in ways that maintain the confidentiality, integrity and availability of whatever data and service are important to the organization,” resilience is a key initiative for 2018.
The vast majority of respondents, 93 percent, rate email as mission critical to their organization – and almost half cannot live with email downtime. Additionally, four out of five respondents said they use email to send Protected Health Information (PHI), making it important to ensure the appropriate safeguards are in place to protect sensitive patient data and demonstrate compliance with security and privacy regulations such as HIPAA.
“This study confirms that no healthcare provider is immune to this growing threat of email-related cyberattacks. While the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats. As the first study by HIMSS on the role of email in cybersecurity and resilience, this research provides new guidance to the industry as we head into 2018,” said
Fortunately, these same organizations are working on a variety of initiatives to build their cyber resilience strategy. The top three resilience initiatives are preventing attacks (94 percent), training employees (90 percent), and securing email (77 percent).
“This survey clearly demonstrates that email is a mission-critical application for healthcare providers and that cyberthreats are real and growing – surprisingly, even more so than the threats to Electronic Medical Records (EMRs), laptops and other portable electronic devices. It’s encouraging that protecting the organization and training employees are top initiatives for next year, but the survey suggests the industry has work to do,” said
The highlights of this analysis are featured in the blog post titled, “Healthcare Provider Survey Finds Email Most Likely Source of Data Breach.”