In actual fact, in the 2015 KPMG Cyber Healthcare Survey, over eighty percent of healthcare executives say that their organisations have been compromised by at least one malware, botnet or other type of cyber-attack over the past two years.
If a healthcare provider's information technology is compromised, then there is an increased risk of medical insurance fraud and attacks on computer-controlled medical devices.
The report states “In terms of technical capabilities, the healthcare industry is behind other industries in protecting its infrastructure and electronic protected health information (ePHI) – as commonly seen in the use of outdated clinical technology, insecure network-enabled medical devices, and an overall lack of information security management processes.”
According to KPMG, the top reasons that healthcare organisations are facing increased security threats are:
- The adoption of digital patient records and the automation of clinical systems.
- The use of antiquated EMR and clinical applications that are not designed to securely operate in today’s networked environment and software vendors who push that problem to the provider.
- The ease of distributing ePHI both internally (laptops, mobile devices, thumb drives) and externally (third parties, Cloud services).
- The heterogeneous nature of networked systems and applications (i.e. network-enabled respirator pumps on the same network as registration systems that can browse the Internet).
- The evolving threat landscape, where cyber-attacks today are more sophisticated and well-funded given the increased value of the compromised data on the black market.
(This survey, conducted by Forbes Insights, is based on data from 223 U.S.-based healthcare executives. 56% came from for-profit organisations, and 44% from the not-for-profit sector. All had revenues of at least $500 million; 70% had revenues over $1 billion.)