Healthcare is one of the industries most vulnerable to cyberattacks. Three of the largest reported incidents impacting healthcare organizations in 2015 alone affected more than 100 million patient records and resulted in hundreds of millions of dollars in settlements.
The healthcare industry in many parts of the world is still in the nascent stage of digitalization and often relies on hardcopy medical records. The wide spectrum of formats in which data can exist within an organization, either digitally or in print, means that the risks of data breaches are especially systemic within healthcare. Healthcare organizations also face internal operational risks, such as lost or stolen paper records or non-employee access to restricted care areas. In fact, error and misuse are notoriously widespread in the healthcare industry. It is the only industry that has more internal threat actors behind data breaches than external. The high stakes involved—human safety and sensitive data—make cyber resilience an imperative for the industry.
While the risks are real and have been recognized by the industry, many healthcare organizations have yet to set up and implement a holistic framework, governance, and adequate Board oversight when it comes to cybersecurity. Healthcare organizations must take proactive measures to increase visibility of cyber risk issues and to distribute cyber risk management responsibility across the firm.
Based on findings from the Marsh-Microsoft Global Cyber Risk Perception Survey 2017, Holding Healthcare to Ransom lays out the current cyber risk landscape in healthcare, and outlines best practices for organizations to assess and manage their cyber risk going forward.