A new study from SecurityScorecard found that more than 75 percent of the healthcare industry, including health insurance agencies, has been infected with malware over the past year. The analysis also found that cybersecurity vulnerabilities could be devastating enough to shut down an entire healthcare network, putting millions of patients at risk. What's more, employees are more often than not the root of the problem. “The low social engineering scores among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient,” Alex Heid, chief research officer at SecurityScorecard, explained. “Security is only as strong as the weakest link, and employees are often the lowest-hanging fruit when it comes to phishing, spear phishing and other social engineering attacks.”
While the report painted a fairly bleak picture of the healthcare industry, it did have some important takeaways. It is crucial to keep the local intranet (used for administrative tasks) separate from the parts of the network that are used for interconnected medical equipment. Additionally, constantly looking for network exposures can help prevent a breach, but more importantly, conducting training programs for information security awareness could significantly reduce the number of breaches.