Healthcare Industry Lacks Basic Security Knowhow

Uploaded on 2016-11-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Levels of security awareness in Healthcare are lower than average and this sector is particularly vulnerable to social engineering style attacks. 

SecurityScorecard released a comprehensive analysis exposing cybersecurity vulnerabilities across 700 US healthcare organisations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies. Security breaches in this industry pose devastating consequences because they can render an entire system or network inoperable, creating a life or death situation that needs immediate attention.

Among all industries, healthcare ranks 15th out of 18 in social engineering, suggesting a security awareness problem among healthcare professionals, putting millions of patients at risk. The current Verizon Data Breach Report ranks social engineering as the third most common cause for breaches.

“The low social engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient,” said Alex Heid, Chief Research Officer at SecurityScorecard. “Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear-phishing, and other social engineering attacks. For a hacker, it only takes one piece of information such as learning the email structure of an organisation to exploit an employee into divulging sensitive information or providing an access point into that organisation’s network.”

Another risk is the array of devices with wireless capabilities such as IoT devices, wireless medical devices and tablets, which have paved the way for medical advances benefiting hospitals and patients. However, their speedy delivery and implementation has resulted in subpar security setups.

“As long as these IoT devices are manufactured with poor security standards, the vulnerability doesn’t only lie within the devices themselves, but they also pose a risk to any hospital, treatment center, or individual using the device. If a connected device is hacked into, the device can be forced to malfunction or it can be used as a pathway to reach an organisation’s primary network,” continued Mr. Heid.

HelpNetSecurity:        Overwhelming Cyber Attacks On Healthcare:
 

« New IoT Chips See, Think & Act Autonomously
Is The CIA Ready For Post-Election Chaos? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

City Security Magazine

City Security Magazine

City Security magazine helps promote best security practices and keep businesses informed on a wide variety of security-related issues.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

Pervade Software

Pervade Software

Pervade Software is a global provider of dedicated compliance tracking software with monitoring & reporting capabilities.

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

Robert Bosch Centre for Cyber-Physical Systems (RBCCPS)

RBCCPS is an interdisciplinary research and academic centre within the Indian Institute of Science focused on research in cyber-physical systems.

CyberTrap

CyberTrap

CyberTrap is an advanced highly-interactive deception technology allowing real-time analysis and control of security breaches.

Garland Technology

Garland Technology

Garland Technology specializes in network access points (TAPs) for 100% visibility allowing you to see every bit, byte, and packet flowing through your network.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

AngelList

AngelList

AngelList champion startups and the people who empower them. Search tech & startup jobs, find new tech products, and invest in startups.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

Dasera

Dasera

Dasera’s Radar and Interceptor products deliver visibility, governance, and protection solutions for data-agile companies.

CyberUK

CyberUK

CYBERUK is the UK government’s flagship cyber security event and the authoritative event for the UK’s cyber security community.

Indevis

Indevis

Indevis provides IT security, datacenter and network solutions, accompanied by professional consulting, management and support services.

CYGNVS

CYGNVS

CYGNVS is a guided cyber crisis response platform providing anytime, anyplace access. A SaaS platform for cyber crisis management – a safe way to connect and control your response.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.