Report: Third-party attackers have breached 44% of health care orgs

A report by critical access management leader SecureLink reveals that, in the last 12 months, 44% of health care organizations have experienced a data breach caused by a third party. Developed in partnership with Ponemon Institute, the report examines the worrisome rise in health care cyberattacks — especially from third parties — during the pandemic, as well as their potentially life-threatening consequences.’

More problematic still, the report highlights the fact that many health care organizations do not have sufficient security protocols in place to manage user identities and identify suspicious access. Of those surveyed, only 41% of health care respondents said they had a comprehensive inventory of third parties with access to critical systems, and just 44% said they have visibility into the level of access and permissions that both internal and external users have. This lack of visibility combined with the pandemic, which strained hospital resources and increased the industry’s reliance on digital health technology, created the perfect storm for the spike in health care cyberattacks seen today. Unfortunately, these kinds of data breaches — and the downtime required to respond to them — can be fatal, as they force hospitals to divert ambulances and patients in critical condition.

Because the health care sector suffers four times more cyberattacks than other industries, including sophisticated supply chain attacks, SecureLink emphasizes how imperative it is that health care organizations secure their critical access points immediately. The report outlines concrete steps health care organizations can take to prevent and mitigate future cyberattacks, such as implementing zero trust network access, monitoring application access, and regularly reviewing access rights among users and vendors.

The data points in the report include responses from 69 individuals across health and pharma industries who are involved in their organization’s approach to managing critical access data risks. Respondents are based in North America.

Read the full report by SecureLink.

Originally appeared on: TheSpuzz