Healthcare Orgs Cybersecurity Risks Remain High

Richard Thurston

By not prioritizing the threat of cyberattack, healthcare companies are failing to make necessary progress, according to a new report.

NTT Security’s 2019 Risk:Value report was compiled through a survey, where NTT Security queried over of 2,200 senior level IT executives covering 17 industry sectors in 20 countries across five continents-a global scan of where organizations stand in terms of their cybersecurity threat awareness, readiness and prioritization. Healthcare was one of the key sectors researched, with nearly 200 senior managers interviewed from healthcare organizations.

Across the board, there is clear-cut evidence which shows three mitigating factors of failure:

1. Lack of cybersecurity investment
2. Poor knowledge of compliance issues
3. Continued failure to secure critical data.

“This is a time when organizations should be getting smarter about cybersecurity and we’re not seeing that based on the survey results,” says Richard Thurston, global markets insight manager at NTT Security.

The basic findings show a few startling statistics, according to Thurston, such as how half of respondents (48%) think their organization’s critical data is secure enough-“it isn’t,” he says. Thirty-three percent think a security breach will never happen-and the same percentage would actually pay a ransom to recover data. And cybersecurity risk has risen sharply-reported data vulnerabilities were over 16,000 this year, up from 6,400 in 2018.

Related: HHS’ New Cybersecurity Practices: 5 Things to Know

While the U.S. performs second-best in the world for cybersecurity, according to Risk:Value, healthcare organizations’ performance is rated average-far behind the financial services sector, which leads all industries.

Other unique findings

• 78% of private healthcare organizations believe information stolen in a security breach would result in loss of customer confidence and/or damage to the brands reputation. “This is the highest percentage of any sector,” Thurston says. “The next highest percentage is 75% from the Wholesale sector.”

• 50% of public healthcare organizations claim they have never suffered a data breach.
• 85% of private healthcare organizations and-87% of public healthcare organizations believe it’s vital to continually invest in cybersecurity