Rising Cyber Attacks on U.S. Healthcare
No attachments for this post
KnowBe4, the premier security training and phishing simulation platform, has recently shed light on alarming statistics indicating the growing allure of the U.S. healthcare sector for cybercriminals.
In recent years, the U.S. healthcare sector has become a prime target for cyber attacks. This vulnerability arises from the sector's vast reserves of sensitive data like personal, financial, and medical records. Cybercriminals increasingly exploit this, leaking confidential medical and Protected Health Information (PHI) online, banking on institutions paying hefty ransoms to safeguard their patients. Such breaches not only put patients at risk of financial fraud and identity theft but also interrupt healthcare operations, potentially endangering lives.
Amidst the COVID-19 pandemic, cyber attacks amplified. In 2020 alone, U.S. healthcare witnessed 92 ransomware attacks impacting over 600 institutions and compromising over 18 million patient records—a staggering 470% hike from 2019. The subsequent years saw 45% and 50% increases in attacks in 2021 and 2022 respectively. Consequently, the healthcare sector has now become the primary victim of ransomware, incurring massive economic damages.
A significant concern is that most healthcare institutions dedicate a mere six percent of their IT budgets towards cybersecurity. This limits the training staff receive in identifying and reporting potential threats. KnowBe4's 2023 Phishing by Industry Benchmarking Report indicates that among small to medium entities, the healthcare sector had one of the highest initial susceptibility rates to phishing. However, regular cyber training effectively reduced this rate from 38.3% to an average of 5.1%.
Stu Sjouwerman, CEO of KnowBe4, commented on the gravity of this issue. He emphasized, "The U.S. healthcare system is indispensable to countless individuals, making the current trends even more distressing. While these challenges persist, it's crucial to understand that healthcare employees are the primary target. Security awareness training isn't just beneficial; it's essential. A well-informed staff can act as a robust human firewall, promoting cybersecurity and safeguarding patient data. For the U.S. healthcare sector, this might mean more proactive security measures and fewer attacks, ensuring patients' privacy remains intact."
Comments on this post
No comments have been added for this post.
You must be logged in to make a comment.