The healthcare industry remains one of the most vulnerable and targeted in all of cybersecurity. But what threatens healthcare cybersecurity most now? Just how expensive is a healthcare data breach? We dove into recent research from Tenable to find out and get the numbers.
According to Tenable, the healthcare industry has suffered even more in the wake of COVID-19, despite some pledges from hackers not to target healthcare providers during the crisis. In fact, the adjustments and adaptations necessary to handle the pandemic, such as remote services, actually created more vulnerabilities in healthcare networks.
Tenable’s recent research explores healthcare cybersecurity in depth and provides critical statistics for understanding this new InfoSec crisis.
By the Numbers: Healthcare Cybersecurity
In 2020, the Tenable Security Response Team (SRT) discovered 237 breaches in the healthcare sector. To put that in perspective, the Tenable 2020 Threat Landscape Retrospective (TLR) recorded 730 publicly disclosed breaches between January 2020 and October 2020, exposing 22 billion records. Healthcare was the most affected industry sector.
As of February 28, 2021, Tenable had already detected 56 breaches in the healthcare industry.
In general, the average cost of a data breach is $3.86 million. More specifically, the average cost for a healthcare breach is $7.13 million.
The root cause of 54.95 percent (161 breaches) of healthcare breaches was ransomware. Comparatively, phishing caused 21.16 percent of healthcare breaches and insider threats caused 7.17 percent. Of the 161 healthcare breaches, the culprits responsible were never discovered in 108.
Additionally, several breaches began via third parties, as those systems often fall outside the normal visibility capabilities of legacy cybersecurity.
Healthcare systems accounted for just over 30 percent of healthcare cybersecurity breaches, whereas hospitals accounted for 19.11 percent.
Demi Ben-Ari Shares Commentary
We asked cybersecurity expert Demi Ben-Ari, Co-Founder and CTO at Panorays, for his thoughts on healthcare cybersecurity and the Tenable report.
“It’s unfortunate, but not surprising, that healthcare has been hit hard by third-party breaches. Malicious attacks on healthcare organizations spiked during 2020, when COVID-19 placed tremendous strains on the industry. Cyber-criminals undoubtedly took advantage of these difficult times to inflict damage on as many targets as possible.
The reality, however, is that all industries are vulnerable to such cyber-attacks, which is why it’s so important to have a comprehensive process in place for assessing the security of third parties. This can be accomplished through a combination of external footprint assessments, automated questionnaires, and taking into consideration the business impact of each relationship. Continuous monitoring is also essential so that organizations can be quickly alerted about any cyber issues.
It’s also interesting to note that according to this study, third-party data breaches accounted for one-quarter of the threats to healthcare organizations. Yet we know that organizations certainly spend far less than 25% of their budgets on third-party security. Clearly, this is something that organizations should consider when weighing the costs and benefits of preventing third-party data breaches.”
Thanks to Demi Ben-Ari for his time and expertise. If you want to learn more, be sure to check out the Solutions Review SIEM Buyer’s Guide. Alternatively, check out the SOAR Buyer’s Guide for more on this cutting-edge enterprise security technology.