Duncan is an award-winning editor with over 20 years of experience in journalism. Having started his career in tech journalism as an editor for Arabian Computer News in Dubai, he has since edited a range of digital and technology marketing publications, including Computer Business Review, TechWeekEurope, Figaro Digital, Digit and Marketing Gazette.
61% of companies working in healthcare have experienced a cyber attack on their cloud infrastructure in the past 12 months, compared to 53% for other industries.
This is according to the 2022 Cloud Security Report by cybersecurity firm Netwrix. Phishing was the most common type of attack reported, followed by ransomware or other malware attacks, and targeted attacks on cloud infrastructure.
Dirk Schraeder, Vice President of Security Research at Netwrix, said: “The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted the industry. With patient health being the main priority for these organizations, IT security resources are often extremely stretched. It focuses on maintaining only the most important functions.
In addition, the high value of the data gives cybercriminals better opportunities for financial gain: they can either sell stolen sensitive medical information on the dark web or extort ransom “to unfreeze” the medical systems used to keep patients alive.
The attack in the healthcare sector is likely to have financial consequences. 32% of respondents from other industries reported that the attack had no impact on their business, while only 14% of healthcare organizations said the same. Unplanned expenditures to cover vulnerabilities and compliance fines are the most common type of damage the healthcare industry faces from a cyber attack.
“Healthcare organizations plan to increase their share of the workload in the cloud from 38% to 54% by the end of 2023. Rapid adoption of the cloud must be accompanied by relevant security measures and special attention to Internet of Things (IoT) devices and systems. For example, Penetration of respirators or intravenous infusion devices can cause physical harm to patients,” Schrader added.
Network fragmentation will help prevent a single compromised device from affecting the entire system. IT teams should also restrict the people – humans and machines – who can access data and systems according to the principle of least privilege, and regularly review and quantify these access rights.”
Other notable findings include:
- 86% of cloud attacks in the healthcare industry result in financial losses or other damages
- 73% of healthcare organizations store sensitive data in the cloud. The most common type (45%) is patient or protected health information.
- 59% of respondents say integration with the existing IT environment is the main obstacle to faster cloud adoption compared to 41% among other industries.
- 48% consider contractors and partners with legitimate access to be the biggest risk to data security in the cloud.