Healthcare Industry Lacks Basic Security Knowhow

Uploaded on 2016-11-04 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Levels of security awareness in Healthcare are lower than average and this sector is particularly vulnerable to social engineering style attacks. 

SecurityScorecard released a comprehensive analysis exposing cybersecurity vulnerabilities across 700 US healthcare organisations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies. Security breaches in this industry pose devastating consequences because they can render an entire system or network inoperable, creating a life or death situation that needs immediate attention.

Among all industries, healthcare ranks 15th out of 18 in social engineering, suggesting a security awareness problem among healthcare professionals, putting millions of patients at risk. The current Verizon Data Breach Report ranks social engineering as the third most common cause for breaches.

“The low social engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient,” said Alex Heid, Chief Research Officer at SecurityScorecard. “Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear-phishing, and other social engineering attacks. For a hacker, it only takes one piece of information such as learning the email structure of an organisation to exploit an employee into divulging sensitive information or providing an access point into that organisation’s network.”

Another risk is the array of devices with wireless capabilities such as IoT devices, wireless medical devices and tablets, which have paved the way for medical advances benefiting hospitals and patients. However, their speedy delivery and implementation has resulted in subpar security setups.

“As long as these IoT devices are manufactured with poor security standards, the vulnerability doesn’t only lie within the devices themselves, but they also pose a risk to any hospital, treatment center, or individual using the device. If a connected device is hacked into, the device can be forced to malfunction or it can be used as a pathway to reach an organisation’s primary network,” continued Mr. Heid.

HelpNetSecurity:        Overwhelming Cyber Attacks On Healthcare:
 

« New IoT Chips See, Think & Act Autonomously
Is The CIA Ready For Post-Election Chaos? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

Virtustream

Virtustream

The Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

SQA Service

SQA Service

SQA Service provide independent software and process Quality Assurance services.

SERMA Safety & Security (S3)

SERMA Safety & Security (S3)

SERMA Safety & Security provides a comprehensive cybersecurity offering incorporating Expertise, Evaluation, Consultancy and Training, covering hardware, software and information systems.

Crossword Cybersecurity

Crossword Cybersecurity

We work with research intensive European university partners to identify promising cyber security intellectual property from research that meets emerging real-world challenges.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Archivo

Archivo

Archivo is a value added reseller focused on Disaster Recovery as a Service (DRaaS), backup, hyper-convergence, hybrid storage and Cyber security.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

u-blox

u-blox

u-blox deliver leading wireless technology to reliably and securely locate and connect people and devices.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

Rubrik

Rubrik

Rubrik helps enterprises achieve data control to drive business resiliency, cloud mobility, and regulatory compliance.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

Tarlogic

Tarlogic

Tarlogic works to protect and defend your security with the highest quality technical team with next generation solutions to achieve the best protection.