News & Views

Attacks on healthcare IT systems
Findings from the Netwrix’s (www.netwrix.com) latest Cloud Data Security Report shows that nearly half of healthcare organizations were targets of ransomware attacks during the pandemic.

In the 2021 Netwrix Cloud Data Security Report (
www.netwrix.com/2021_cloud_data_security_report.html), 32% of healthcare organizations say they needed days to discover accidental data leakage and supply chain compromise; and their top cloud security challenges are encryption (78%), review of access rights (75%) and employee training (65%).

The most common incidents that healthcare institutions experienced in the cloud were phishing (reported by 44% of organizations), ransomware (39%) and data theft by insiders (35%).  Of the three, data theft was the hardest to detect with more than half of organizations requiring days or weeks to flag it, whilst phishing and ransomware attacks were spotted in hours or less by the overwhelming majority.

“An explosion of telehealth services and the shift of non-clinical employees to WFH increased the need for cloud technologies in the healthcare sector.  As a result, new avenues for cyber threats opened up.  Moreover, because hospitals and health systems are dealing with high caseloads caused by the pandemic, the threat to care delivery remains extremely high,” says said Ilia Sotnikov, VP of Product Management, Netwrix.

The top consequences of cloud breaches in the healthcare sector were unplanned expenses to fix security gaps (24%), compliance fines (23%) and lawsuits (11%).  Over 60% of healthcare organizations said lack of budget attribute their cloud security challenges to lack of budget, while 56% cited lack of IT/security staff and nearly 40% said that employee negligence hampered security efforts.

“Our report highlights the lack of security fundamentals that could improve the security posture of these organizations,” continues Sotnikov.  “They should consider stronger data governance processes to reduce their attack surface; real-time user activity monitoring to improve time to detect incidents; and training and security awareness programmes for both IT staff and employees.”