Healthcare providers, the holders of some of the most sensitive possible data on consumers, rank email as their worst cyber security threat, according to a study from Mimecast Ltd., conducted by HIMSS Analytics.
Of 76 IT professionals surveyed, 78% say their employers have suffered an email-related attack in the last 12 months -- some more than a dozen times. Worse, entire hospital operations have been shut down by WannaCry and Petya attacks delivered by email.
Thus, it is no surprise that 37% rank email as the No. 1 source of data breaches -- more than all the other threats combined -- and that this fear is “unequivocal,” writes David Hood, director, technology marketing for Mimecast, in a blog post on the results.
Next are laptops and other portable electronic devices, followed by paper/films and electronic medical records. Desktops rank near the bottom, and network servers are last.
The most common type of threat -- cited by 83% -- is ransomware, followed by malware, spear phishing and business email compromise.
Overall, 87% expect email-related security threats to increase. And 97% are concerned about cyber security in general.
They have reason to feel vulnerable: Roughly 80% use email to send patient healthcare information. And they are governed by HIPAA, a strict medical privacy law.
Email is critical to 90% of these organizations. And 43% say email is mission-critical, and that they cannot tolerate downtime.
All this points to a need for encryption solutions, the study notes.
So what are these providers doing to fight cyber crime?
Of those polled, 94% are working on initiatives to prevent attacks, 90% are conducting employee training and 77% are securing their email. Large percentages are also performing periodic cyber security audits, creating standard security policies and building enhanced network security.
“This study confirms that no healthcare provider is immune to this growing threat of email-related cyberattacks,” states Bryan Fiekers, senior director, HIMSS Analytics.
He adds that “while the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats.”
It is critical to ensure the appropriate safeguards are in place to protect sensitive patient data and demonstrate compliance with security and privacy regulations such as HIPAA.
Hood offers these tips for providers worried about data security:
Mimecast is an email and data security company.