A new study reports that healthcare was the No. 1 industry for cybersecurity breaches in 2018. BakerHostetler's latest Data Security Incident Response Report shows that phishing attacks were the leading cause of breaches, making up 37 percent across all industries. Network intrusions were at 30 percent, with unpatched servers and remote desktop connections providing easy points of entry.Healthcaredive.com reports:
- Health information was the second most at-risk type of data in cyber incidents, making up fully a third of potentially compromised records. Social Security numbers were the most at risk at 37 percent. More than half (55 percent) of all incidents involved insider error or activity, according to the report.
- Once cybercriminals penetrate a system, their next steps most often involve accessing an Office 365 account (34 percent), roaming the network for available data (30 percent), installing ransomware (12 percent) or securing a wire transfer to the attacker's account (8 percent), according to the report.
- For ransomware victims, the report offers some sobering news: Nearly one in 10 times (9 percent) that a ransom was paid, no decryption key was received. The average ransom paid last year was $28,920. Among healthcare organizations, on average 36 days elapsed between the time of the initial access and detection, plus another 10 days to contain the breach.
What does this mean for businesses - especially healthcare - in 2019? The future is not bright for organizations that are not keeping pace with cybersecurity efforts.
"Health systems and hospitals are shirking industry cybersecurity standards," reports BusinessInsider.com. "For example, conformance to HIPAA security rules fell from 74% in 2017 to 72% in 2018, according to a 2019 report from cybersecurity consulting firm Cynergistek.
"The repercussions are costly: When breaches expose sensitive information, HIPAA privacy rules are violated — and health systems have to pay up. The US government doled out a new high of $26 million in HIPAA penalties in 2018. Moreover, health firms lose nearly 7% of their customers following a data breach — the highest of any industry."
As counter efforts grow stagnant, experts expect an increase in US health breaches in 2019. Read more from BusinessInsider.com.