71% of healthcare organizations are more concerned about insider threats now than before the pandemic
Netwrix, a cybersecurity vendor that makes data security easy, today announced healthcare market findings from its 2020 Cyber Threats Report. Netwrix conducted this online survey in June 2020 to understand how the pandemic and ensuing work-from-home initiatives changed the IT risk landscape.
Because healthcare organizations are on the front line of the battle to contain COVID-19, they had to revise their cybersecurity priorities more quickly than perhaps any other vertical market. Pre-pandemic, they were mostly concerned about employees accidently sharing sensitive data (88%) and rogue admins (80%); today they are worried about phishing (87%), admin mistakes (71%) and data theft by employees (71%).
As it turns out, their perceptions of risk are both founded and unfounded. They are correct to be concerned about phishing and IT staff errors, since those types of incidents were experienced by 37% and 39% of respondents, respectively, during the first few months of the pandemic. However, even though 37% suffered improper data sharing, concern about this risk plummeted by 32 percentage points since the pandemic began.
Other findings discovered by the survey include:
- Every third healthcare organization surveyed (32%) experienced a ransomware attack, which is the highest result among all verticals studied.
- 26% of healthcare organizations reported data theft by employees; 49% of them were unaware of the incident for weeks or months.
- Concern about supply chain compromise dropped by a record 50 percentage points from the pre-pandemic level; now, only 25% say it is a top security threat.
- No respondents were able to discover improper data sharing in minutes. 26% needed hours and 74% had to spend days, weeks or months to flag the incident.
- 8 out of 10 healthcare organizations regularly report on the state on cybersecurity to executive leadership, and 47% are convinced it takes too much time and effort.
With 39% of healthcare organization experiencing incidents due to errors by IT staff, this industry should pay particular attention to the activities of privileged users. Even one mistake can bring the entire organization to a standstill, leaving it unable to take care of patients. To mitigate the risk of admin mistakes, it is essential to rigorously enforce the least privilege principle through regular privilege attestation. To ensure quick detection of unauthorized modifications, healthcare organizations are advised to automate both monitoring of changes and checking of all system configurations against a healthy baseline.
Ilia Sotnikov, VP of Product Management at Netwrix
To get the complete findings of the Netwrix 2020 Cyber Threats Report, please visit: www.netwrix.com/2020_cyber_threats_report.html
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,500 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.
For more information, visit www.netwrix.com.
Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.
Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170