Four in 10 Health Care Executives Admit Breaches, Raising Concern for Safety of Health Records

Some 81% of health care executives say their systems have been compromised by at least one malware, botnet or other cyber-attack during the past two years, and only half feel adequately prepared to prevent attacks, according to the Healthcare Cybersecurity Survey by big four accountancy firm KPMG.

The survey shows attacks are increasing, with 13% of C-level executives saying they are targeted by external hack attempts about once a day and another 12% seeing about two or more attacks per week.

More concerning is that 16% of healthcare organizations said they cannot detect in real time if their systems are compromised. This percentage is, however, lower than the average 42% of IT managers who said they were unable to identify the source of security breaches, according to a previous SANS Institute survey conducted on companies with more than 10,000 employees.

When asked about readiness in the face of a cyber-attack, 66% of execs at health plans said they were prepared, while only 53% of providers said they were ready. Larger organizations, in terms of revenue, are better prepared than smaller ones, study shows.

Malware is the most frequently reported line of attack during the past 12 to 24 months, according to 65% of survey respondents. Botnet attacks, where computers are hijacked to issue spam or attack other systems, and “internal” attack vectors, such as employees compromising security, were cited by 26% of respondents.

According to the KPMG survey, the areas with the greatest vulnerabilities within an organization include external attackers (65%), sharing data with third parties (48%), employee breaches (35%), wireless computing (35%) and inadequate firewalls (27%).

The survey included 223 chief information officers, chief technology officers, chief security officers and chief compliance officers at health care providers and health plans.