With the Healthcare industry a primary target of cybercriminals, analytics firm FICO’s latest findings indicate Healthcare is simply not ready for the aftermath of a cyberattack.
We all know insurance of any kind should be in place “just in case”. And when it comes to cybersecurity insurance, the risk is so high today, organizations of every industry vertical should have some form of cyber security insurance. But in the case of the healthcare industry – according to FICO – 70% of healthcare organizations were not insured against cyberattack.
And that’s a huge problem – here’s why:
- According to Verizon’s Data Breach Investigations Report, nearly a quarter of all data breaches were in the healthcare industry.
- According to the FICO report, half of all healthcare organizations think levels of cyberattack and data breaches will increase.
- According to Ponemon’s Cost of a Data Breach Report, Healthcare has the highest cost/record involved in a breach, at $408 each. This is more than double the average cost/record of only $148.
Patient Health Information (PHI) can be so valuable, the healthcare industry clearly has a target on its back. Cyber insurance is a no-brainer.
If healthcare is going to pass on cyber insurance, then allow me to point them in the right direction on how best to reduce the risk of a data breach.
According to Verizon’s Protected Health Information Data Breach Report, Internal Actions were the greatest source of data breaches, with Error and Misuse as the two primary actions.
This clearly points to users within the organization – users that need to be educated on how to handle patient data, where to store it, how their actions can cause breaches, as well as what kinds of external cyberattacks (which, according to Verizon, in total add up to the largest source of breaches) they should be watchful for. You can accomplish this with new-school Security Awareness Training.
Many data breaches are caused by stolen credentials. Find out which of your users have breached credentials available on the dark web.
KnowBe4’s Breached Password Test (BPT) checks to see if your users are currently using passwords that are in publicly available breaches associated with your domain. BPT checks against your Active Directory and reports compromised passwords in use right now so that you can take action immediately!
Here’s how Breached Password Test works:
- Checks to see if your company domains have been part of a data breach that included passwords
- Checks to see if any of those breached passwords are currently in use in your Active Directory
- Does not show/report on the actual passwords of accounts
- Just download the install and run it
- Results in a few minutes!