KnowBe4 Releases Figures Concerning Healthcare Cyberattacks

The U.S. healthcare industry has become a top target for cyberattacks over the past several years.

By HFT Original


KnowBe4, the provider of a security awareness training and simulated phishing platform, today revealed concerning figures uncovered as the United States healthcare industry becomes an increasingly attractive target for cybercriminals. 

Over the last several years, the U.S. healthcare industry has suffered tremendously as it has become a top target of cyberattacks. The industry is particularly vulnerable to threats due to the sensitive nature of the data it holds, which includes personal and financial information, as well as medical records. Cybercriminals target the industry, exposing private medical data and Protected Health Information (PHI) on the internet in hopes that healthcare facilities will pay costly ransoms to protect their patients. The exposure of private medical information can have serious consequences for patients, including financial fraud, identity theft and damage to their reputation. Additionally, cyber-attacks can disrupt the operations of healthcare facilities, leading to delays in patient care and potentially putting lives at risk. 

In the last three years, cyberattacks have immensely escalated, especially as hospitals and healthcare facilities around the country combated the COVID-19 pandemic and its aftermath. In 2020, 92 different ransomware attacks occurred at U.S. healthcare organizations, which affected 600 healthcare facilities and impacted more than 18 million patient records; this is a 470 percent increase from 2019. Additionally, 2021 saw a 45 percent increase in the number of attacks and in 2022, the percentage surged again with attacks rising 50 percent from 2021. As a result, the healthcare industry is now the top targeted infrastructure sector most affected by ransomware, causing severe multimillion-dollar economic loss and impact. 

A contributing factor to this issue is that most healthcare organizations allocate less than six percent of their IT budget for cybersecurity, which prevents employees from attaining the education necessary to identify and report security threats. Additionally, according to KnowBe4's 2023 Phishing by Industry Benchmarking Report, across small and medium organizations, the healthcare and pharmaceutical sector had one of the highest baseline Phish-proneTM Percentage (PPP), which determines the percentage of users who are prone to being phished after an initial baseline phishing security testing. After a year or more of regular cybersecurity training, the sector's PPP dropped from 38.3 percent to an average of 5.1 [ercent, proving the effectiveness of new-school security awareness training. 

 

 



October 3, 2023


Topic Area: Information Technology , Safety


Recent Posts

Healthcare Facilities Alerted of 'Scattered Spider' Cyber Threat

The group uses a form of AI technology known as deep fakes, which are convincing yet false recreations that can trick people.


What Do Healthcare Employees Want from Their Organizations?

Safety, location and company culture are among employees’ top concerns.


CareTrust REIT to Acquire a Portfolio of 31 Skilled Nursing Facilities

The company expects the transaction to close in the fourth quarter of 2024.


Report Concerning Cybersecurity Risks of Connected Medical Devices Published

The report identifies 162 different cybersecurity vulnerabilities in connected medical devices.


Henry Ford Health to Pay Settlement in Data Breach Lawsuit

The settlement comes more than a year after the March 2023 data breach.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.