A recent study from CheckPoint shows that healthcare data breach costs have risen by an astonishing 282% in the past 12 months, while there has been a 60% rise in healthcare security incidents.
Even though the industry is being targeted by cybercriminals and the frequency of attacks has increased, only 54% of healthcare organizations have tested their data breach response plan, and only 21% of healthcare organizations use disaster recovery technology. Yet 19% of organizations have reported suffering a security breach in the past 12 months.
The healthcare industry is being targeted due to the high value of healthcare data. Healthcare records are now 10 times more valuable than credit cards according to the report. The prize is certainly worth pursuing, yet many healthcare organizations make it too easy for hackers and have relatively poor security compared to other industry sectors.
According to the report, HIPAA Rules may appear to be helping to improve the standard of data security in the healthcare industry, but the reality is HIPAA might actually be allowing vulnerabilities to persist. According to the report, “Personal information protection sometimes is prioritized over access control protections.” Personal information protection is important, but Checkpoint says “the focus needs to shift to IoT and access control protections.”
There Has Been an Exponential Increase in New Malware in the Past 12 Months
The Checkpoint 2016 Security Report provides some insight into the extent to which malware is being developed. New forms of malware are now being developed at a rate that is making it impossible for traditional security software to detect. In the past 12 months, there has been a nine-fold increase in the number of unknown malware attacks.
Checkpoint reports that 971 unknown malware downloads now occur every hour, which equates to one download by an employee every four seconds. Last year, there were only 106 downloads per hour. The exponential increase in downloads is a major cause for concern.
Over the past 12 months, security firms have discovered 12 million new malware samples. Those figures would be a concern if they were for the entire year, but that is the volume of new malware being discovered every month. In fact, the past two years has seen more malware discovered than in the previous 10 years.
Employees are the Weakest Link
Figures from Che3ckpoint show that employees are the weakest link in the security chain. Organizations are training their employees how to identify phishing attacks and malicious emails, yet training does not appear to be particularly effective at preventing malware downloads and phishing attacks. The report indicates 75% of cyberattacks target endpoints via email. Hackers are also managing to bypass network gateway firewalls with ease. In 39% of endpoint attacks firewall gateways were bypassed.
While new malware is proving to be a problem, organisations are still struggling to prevent attacks using known malware. Known malicious software is being downloaded onto users’ devices via compromised websites as a result of poor patch management policies.
When malware is downloaded onto networks, organizations are struggling to detect infections. According to the report, 85% of threats were not discovered until after organizations had been breached. Unfortunately, it is all too easy for hackers to evade detection. They are now able to make a small change to malware that will prevent traditional security software from detecting infections.