Data protection problems at 45% of healthcare organizations

Data protection is a critical issue in healthcare organizations, and it is not always handled in "the best way". Back in November 2024, I came across a study dealing with data protection in the healthcare sector. The frustrating statement: "45% of healthcare organizations have problems ensuring data protection for their 'customers' or patients".



It's no secret and has been proven by various reports: The healthcare sector is one of the most frequent targets of cybercriminal attacks. In 2023, the FBI's Internet Crime Complaint Center (IC3) received 1,193 complaints from organizations belonging to a critical infrastructure sector that were affected by a ransomware attack. The healthcare sector was the most affected with 249 attacks.

Despite handling sensitive patient data, the latest data from Fall 2024 shows that healthcare organizations are inadequately positioned and need adequate cybersecurity measures. An analysis by the HIPAA Journal shows that the number of data breaches in the healthcare sector increased by 156% to 133 million in 2023 compared to 2022. In 2023, an average of 373,788 healthcare data breaches were committed per day.

The Cybernews Business Digital Index shows that 45% of the healthcare companies surveyed worldwide were given a grade of "F" (probably inadequate) for their cyber security measures. These are the results of an analysis of 1,182 financial and healthcare companies worldwide.

Security in the healthcare sector is lagging behind

The sensitive nature of patient data attracts the attention of cybercriminals. Although one might assume that healthcare organizations treat their customers' data with special care, most do not have sufficient budgets for cybersecurity and do not apply good data protection practices.

According to the Business Digital Index, which rates companies based on their online security measures, 45% of the healthcare organizations analyzed worldwide received a grade of F, and 23% received a D, which is only slightly better. Only 3% of healthcare organizations earned an A grade for their security measures.



Things don't look much better for the other ratings either: 4% of healthcare organizations received a B grade, and 24% received a C grade. Only two companies received the best rating with 97 out of 100 points. However, the average of all companies surveyed was only 71.

The most common security problems

The Business Digital Index shows that the most common security issue is related to the Secure Sockets Layer (SSL) configuration. Over 6,000 issues were identified in 201 healthcare organizations. In addition, these organizations lost over 21,000 pieces of corporate data.

Protecting corporate and customer data becomes even more difficult when around a third (30%) of employees reuse leaked passwords. In addition, the index found over 700 critical and high-risk vulnerabilities in healthcare organizations' websites.

In 2024, UnitedHealth's Change Healthcare platform suffered a data breach that affected over 100 million Americans. Hackers used ransomware to disrupt the platform's operations and exfiltrate sensitive data. It was the largest healthcare data breach in the US and highlighted the importance of cyber security in this industry.

On a positive note, only a fifth (18%) of healthcare organizations have potentially spoofable domains. However, the index recommends that 55% of organizations work on improving their cloud hosting systems, as these are currently at a low level.




One Response to Data protection problems at 45% of healthcare organizations

  1. tr says:

    Take a notebook, approach any hospital, start Wi-Fi and scan … In minutes you have a dozen SSIDs without any security and access to any data, i.e. X-ray photos on SMB1. SSL?… Maybe after the first human on Proxima Centauri.
