The 2020 HIMSS Cybersecurity Survey provides insight into the cybersecurity landscape of US healthcare organizations based upon the feedback from 168 US based healthcare cybersecurity professionals.
Healthcare organizations face a barrage of significant security incidents such as phishing, ransomware, and social engineering attacks, in addition to the challenges faced by dealing with the COVID-19 pandemic.
Findings are based upon the data provided by respondents.
Significant security incidents:
- Most organizations are experiencing significant security incidents. Significant security incidents are the norm.
- Phishing is the most common type of significant security incident. Phishing is the number one type of significant security incident; most phishing is either general phishing or spear-phishing occurring via e-mail.
- Top threat actors include online scam artists and cybercriminals. Online scam artists (e.g., phishers) and cybercriminals are targeting many healthcare organizations.
- Financial information is king. Threat actors typically seek the following:
- financial information
- employee information
- patient information
- Initial hook is by phishing. Phishing e-mail is the typical initial point of compromise.
- Workforce members are the first line of defense. Internal security teams and internal personnel, including non-IT professionals, typically report significant security incidents to the organization.
- Disruption is the Primary Impact. Disruption of information technology (“IT”) operations and business operations are typical outcomes of cyber-attacks. Disruption of clinical care or damage or destruction of clinical care systems and devices also occurs.
Take a closer look, and read the full report.
Healthcare Cybersecurity Community
Learn from experts and peers in the healthcare sector, exchange ideas and make a proactive step to improve your organization’s security posture by joining our Healthcare Cybersecurity Community.