Healthcare companies are facing a cyber security crisis
Many industries have found that the rapid expansion in demand for digital information has outpaced efforts to keep the data secure. This is a particular issue for healthcare organizations which handle confidential records yet have seen some headline breaches in recent years.
UpGuard, the company behind the CSTAR security preparedness score for enterprises, has released a new report which provides fresh data on the security failings of companies in the healthcare industry.
The company evaluated 500 healthcare companies across various sectors -- from health insurers to pharmaceutical companies and hospitals -- and gave them each a CSTAR score, a single measure of a company's cyber security risk, indexed on a 0-950 scale.
The average CSTAR score across the industry was only 420. Interestingly, though, the largest and smallest companies achieved better scores than those in the mid-range. The findings also show geographical differences across the US, with Utah and Maine scoring high at 597 and 613 respectively, while New Mexico and Delaware score only 209 and 224.
"We've reached a crucial moment in healthcare, while there's a collective push for digitizing medical information and processes, archaic security practices haven't caught up to tech advances," says Mike Baukes, co-CEO of UpGuard. "This urgent crisis has prompted us to compile the most comprehensive report available on the state of healthcare cyber security in order to demonstrate the scope of the problem and increase understanding of ways to tackle it."
The findings also show that healthcare companies aren't doing enough to protect themselves from phishing attacks. While there are free and easy-to-use mechanisms available to combat phishing by checking the validity of emails before they reach a human target, including Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC), the CSTAR report finds that more than a third (35 percent) of companies still do not have SPF records established and only seven percent have implemented DMARC.
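As an added illustration (not code from UpGuard or its report), the Python sketch below shows how an SPF and DMARC check of this kind can be scored from a domain's DNS TXT records. It goes one step beyond mere presence by separating enforcing policies from monitor-only ones. The domains, records and function names are constructed for the example, and no DNS lookups are made.

```python
# Added example: audits constructed TXT data offline. SAMPLE maps hypothetical
# domains to (TXT records at the domain, TXT records at _dmarc.<domain>).
SAMPLE = {
    "hospital.example": (["v=spf1 include:_spf.mail.example -all"],
                         ["v=DMARC1; p=reject; rua=mailto:dmarc@hospital.example"]),
    "insurer.example": (["site-verification=abc123", "v=spf1 ip4:192.0.2.0/24 ~all"],
                        ["v=DMARC1; p=none"]),
    "pharma.example": (["v=spf1 mx -all", "v=spf1 a -all"], []),
    "clinic.example": (["site-verification=xyz789"], []),
}
ALL_RESULT = {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass"}

def spf_status(txts):
    """'missing', 'permerror', 'redirect', or the result 'all' gives other senders."""
    spf = [t for t in txts if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not spf:
        return "missing"
    if len(spf) > 1:              # RFC 7208: several SPF records is a permerror
        return "permerror"
    terms = [t.lower() for t in spf[0].split()[1:]]
    for t in terms:
        qualifier, name = (t[0], t[1:]) if t[0] in ALL_RESULT else ("+", t)
        if name == "all":
            return ALL_RESULT[qualifier]
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"         # policy lives in another domain's record
    return "neutral"              # no 'all' and no redirect: default is neutral

def dmarc_policy(txts):
    """The p= tag of the DMARC record; 'missing' if absent or ambiguous."""
    recs = [t for t in txts if t.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(recs) != 1:            # RFC 7489: multiple records mean no policy
        return "missing"
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p", "missing")

def audit(sample):
    """Per-domain results plus % without usable SPF and % enforcing DMARC."""
    rows = {d: (spf_status(a), dmarc_policy(b)) for d, (a, b) in sample.items()}
    no_spf = sum(s in ("missing", "permerror") for s, _ in rows.values())
    enforcing = sum(p in ("quarantine", "reject") for _, p in rows.values())
    return rows, 100 * no_spf // len(rows), 100 * enforcing // len(rows)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A domain with `p=none` publishes DMARC but only collects reports, so receivers are not asked to quarantine or reject spoofed mail; counting it separately from `quarantine` and `reject` keeps an audit from overstating protection.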
You can see more detailed findings in the full report available from the UpGuard website.