Morphisec released findings from the 2019 Morphisec Consumer Healthcare: Cybersecurity Threat Index. The report surveyed more than 1,000 consumers, weighted for the U.S. population, to get their perspective and understanding of the threatscape surrounding the healthcare industry, and how attackers are targeting their personal health information.
While the $36 billion shift to electronic health records (EHRs) and the adoption of new enabling technologies has improved the quality of healthcare over the last decade, cybersecurity vulnerabilities have emerged as a byproduct that has made the industry vulnerable to a growing number of highly advanced threats. In February, Morphisec Labs identified an ongoing cyberattack in which hacker group FIN6 expanded into the healthcare field targeting a diagnostic image processing firm.
Sophisticated cyberattackers are now attuned to the vulnerabilities that exist within the industry and are targeting it more than double the rate seen across other sectors. This attack frequency poses considerable risk to healthcare organizations and more importantly to the patients’ data they are securing. As Morphisec continues to assist healthcare providers with improving their cyber defenses and protecting patient data, it examined how the increasing amount of healthcare cyberattacks are impacting the mindset of consumers.
Highlights from the Morphisec 2019 Consumer Healthcare: Cybersecurity Threat Index include:
- Fifty-four percent of consumers say “they don’t know if a cyberattack has hit their healthcare providers,” despite HIPAA laws requiring providers to notify patients when their information has been compromised.
- Healthcare portal use by consumers has increased to 42 percent this year from 28 percent in 2018, increasing the need for providers to protect internet-facing websites, which hackers are actively targeting.
- Forty-five percent of consumers say they believe that their health information is more secure on their personal electronic devices (iPhone, laptop, etc.) than on the electronic devices within their healthcare provider.
- More than 50 percent of consumers say they play a role alongside their provider in protecting shared health information, but nearly 80 percent of consumers admit they are not prepared to handle threats to health data on their own.
- Consumers are more fearful of a health data breach (59 percent) than hackers gaining access to an internet-connected medical device (41 percent).
- Consumers believe web (24 percent) and endpoint defenses (21 percent) are providers’ weakest links in protecting their data.
“With nearly 90 percent of health organization CIOs indicating they purchase cybersecurity software to comply with HIPAA, rather than to reduce threat risk, consumers have a right to be worried about the cyber defenses protecting their health data,” said Tom Bain, vice president of security strategy at Morphisec. “Merely checking the box that cybersecurity defenses meet HIPAA requirements isn’t enough to protect healthcare organizations today from advanced and zero-day attacks from FIN6 and other sophisticated attackers.”
Download the full Morphisec 2019 Consumer Healthcare: Cybersecurity Threat Index here.