Despite growing awareness and increased cyber security efforts, health care organizations are having a hard time staying ahead of cyber criminals. In fact, according to a new report from the Ponemon Institute, health care organizations experience cyber attacks an average of 11.4 times per year—or nearly once per month.
The report, generated by surveying 535 health care IT and IT security practitioners, contained several other troubling key findings:
- Known vulnerabilities are the most common source of security incidents. Existing vulnerabilities that were more than 3 months old were the most common point of attack, according to 78 percent of respondents. Web-borne malware (75 percent), vulnerabilities less than 3 months old (70 percent), spear phishing (69 percent) and lost or stolen devices (61 percent) rounded out the most common causes.
- Advanced persistent threats occur every three months. Only 26 percent of respondents said their organizations had systems and safety controls in place to stop advanced persistent threats (APTs), which are attacks in which an unauthorized person gains network access and remains in the network undetected for a long period of time. Another 21 percent said they were unsure what safety measures, if any, their organizations had in place to stop APTs.
- Prevention and detection systems aren’t sufficient. When asked, 49 percent of respondents said that cyber attacks have evaded their intrusion prevention systems, and 27 percent said they were unsure. Likewise, 37 percent said cyber attacks got past their anti-virus or traditional security controls, and 25 percent were unsure.
The report also suggests that resources may be an issue. Despite being targeted so often, respondents’ organizations devoted only 12 percent of their IT budgets to information security.