Healthcare Industry Lacks Basic Security Knowhow

Uploaded on 2016-11-04 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Levels of security awareness in Healthcare are lower than average and this sector is particularly vulnerable to social engineering style attacks. 

SecurityScorecard released a comprehensive analysis exposing cybersecurity vulnerabilities across 700 US healthcare organisations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies. Security breaches in this industry pose devastating consequences because they can render an entire system or network inoperable, creating a life or death situation that needs immediate attention.

Among all industries, healthcare ranks 15th out of 18 in social engineering, suggesting a security awareness problem among healthcare professionals, putting millions of patients at risk. The current Verizon Data Breach Report ranks social engineering as the third most common cause for breaches.

“The low social engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient,” said Alex Heid, Chief Research Officer at SecurityScorecard. “Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear-phishing, and other social engineering attacks. For a hacker, it only takes one piece of information such as learning the email structure of an organisation to exploit an employee into divulging sensitive information or providing an access point into that organisation’s network.”

Another risk is the array of devices with wireless capabilities such as IoT devices, wireless medical devices and tablets, which have paved the way for medical advances benefiting hospitals and patients. However, their speedy delivery and implementation has resulted in subpar security setups.

“As long as these IoT devices are manufactured with poor security standards, the vulnerability doesn’t only lie within the devices themselves, but they also pose a risk to any hospital, treatment center, or individual using the device. If a connected device is hacked into, the device can be forced to malfunction or it can be used as a pathway to reach an organisation’s primary network,” continued Mr. Heid.

HelpNetSecurity:        Overwhelming Cyber Attacks On Healthcare:
 

« New IoT Chips See, Think & Act Autonomously
Is The CIA Ready For Post-Election Chaos? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Interpol

Interpol

Interpol is the world’s largest international police organization. It is committed to the global fight against cybercrime, as well as tackling cyber-enabled crimes.

Avanan

Avanan

Avanan is The Cloud Security Platform. Protect all your SaaS applications using tools from over 60 industry-leading vendors in just one click.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

CMMI Institute

CMMI Institute

CMMI Institute enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, data management and cybersecurity.

Cyber Science

Cyber Science

Cyber Science is the flagship conference of C-MRiC, focusing on pioneering research and innovation in Cyber Situational Awareness, Social Media, Cyber Security and Cyber Incident Response.

Bitfury Group

Bitfury Group

Bitfury Group is the largest full-service blockchain technology company in the world.

Information & Communications Technology Association of Jordan (int@j)

Information & Communications Technology Association of Jordan (int@j)

The Information & Communications Technology Association of Jordan is a membership based ICT and IT Enabled Services (ITES) industry advocacy, support and networking association.

Cympire

Cympire

Cympire significantly increases an organisation’s Cyber Resilience through continuous Training and Assessment. Cyber Security Training Platform. Cloud-based and fully customizable Cyber Range.

Pacific Cyber Security Operational Network (PaCSON)

Pacific Cyber Security Operational Network (PaCSON)

PaCSON is an operational cyber security network of regional working-level cyber security experts in the Pacific.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

Across Verticals

Across Verticals

Across Verticals is a boutique cyber security consulting firm that specializes in holistic, deeply technical and end to end cyber security advisory services based on industry best practices.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.

SecureWeb3

SecureWeb3

SecureWeb3 helps businesses and brands to secure their Web3 presence by offering a full suite of security services including training, consultancy & brand protection solutions.