Large teaching hospitals, or hospitals affiliated with medical schools, are more prone to data breaches, according to a recent report published in JAMA Internal Medicine.
The report found that of the 1,798 breaches which occurred between Oct. 21, 2009 and Dec. 31, 2016, 216 hospitals accounted for 257 breaches, and 33 of those hospitals had been breached at least twice, many of them large teaching hospitals.
Researchers noted that several of the other facilities which reported breaches during this time were major teaching hospitals and that larger teaching hospitals were more likely to have been hit with a breach than smaller teaching hospitals or non-teaching hospitals.
Ge Bai, Ph.D., assistant professor of accounting at Johns Hopkins Carey Business School and the study's lead author, told Yahoo that larger teaching facilities may be more prone to attack because more people at them have access to private patient data, whether for conducting medical research or for educating new healthcare professionals.
Aging infrastructure could also make medical facilities a prime target, a risk that is only amplified by the increased access points that additional staff create, Plixer International CEO Michael Patterson told SC Media.
“Due to tight budgets, aging systems and rich confidential data, hospitals will continue to be victimized by targeted attacks in 2017,” Patterson said. “To avoid falling prey, insured contractors should be leveraged to patch systems and audit cyber defenses.”
Addressing these issues starts with educating staff and ensuring there is a multilayered defense in place to help keep patient data safe.
“Most of the malware is coming in via email phishing today,” Nick Bilogorskiy, senior director of threat operations at Cyphort, told SC Media. “So - train your staff to recognize phishing. I talked to a large company last week where the phishing open rate decreased from 30 percent to five percent after cybersecurity training.”
Bilogorskiy added that hospitals should frequently back up all of their data to help defend against ransomware attacks.
User-based security analytics could also help deter attacks, FireMon Chief Technology Officer Paul Calatayud told SC Media.
“By deploying user-behavior analytics, the security team can begin to identify trends in roles and what normal looks like,” Calatayud said. “When abuse or theft of digital identity occurs, it will get flagged as abnormal behavior.”
Healthcare breaches cost $6.2 billion over the last 2 years, and data breaches in healthcare totaled over 112 million records in 2015, Securonix Chief Information Security Officer and Chief Security Strategist Michael Lipinski told SC Media, citing Forbes. He added that hospitals were also the largest sector last year for breaches.
“They face serious IoT challenges, a medical device compromise has life and death repercussions,” Lipinski said. “Healthcare data breaches are most expensive, about 80% higher than the US average.”
He added that the healthcare industry is combating compliance, privacy and security challenges in a number of ways, making its organizations a one-stop shop for sensitive data, including PHI, PII, credit card data and SSNs.