Healthcare organizations growing more concerned about insider threats
According to a new report, 71 percent of healthcare organizations are now more concerened about insider threats than they were before the pandemic.
The study from Netwrix shows that pre-pandemic, these organizations were mostly concerned about employees accidentally sharing sensitive data (88 percent) and rogue admins (80 percent). Today they are worried about phishing (87 percent), admin mistakes (71 percent) and data theft by employees (71 percent).
Phishing and IT staff errors were experienced by 37 percent and 39 percent of healthcare respondents, respectively, during the first few months of the pandemic. In addition 32 percent experienced a ransomware attack, which is the highest result among all verticals studied. Also 26 percent of healthcare organizations reported data theft by employees, with 49 percent of them being unaware of the incident for weeks or months.
"With 39 percent of healthcare organization experiencing incidents due to errors by IT staff, this industry should pay particular attention to the activities of privileged users," says Ilia Sotnikov, VP of product management at Netwrix. "Even one mistake can bring the entire organization to a standstill, leaving it unable to take care of patients. To mitigate the risk of admin mistakes, it is essential to rigorously enforce the least privilege principle through regular privilege attestation. To ensure quick detection of unauthorized modifications, healthcare organizations are advised to automate both monitoring of changes and checking of all system configurations against a healthy baseline."
Among other findings concern about supply chain compromise dropped by a record 50 percentage points from the pre-pandemic level, now only 25 percent say it's a top security threat. No respondents were able to discover improper data sharing in minutes, with 26 percent needing hours and 74 percent having to spend days, weeks or even months to flag the incident.
Only eight out of 10 healthcare organizations regularly report on the state of cybersecurity to their executive leadership, and 47 percent are convinced it takes too much time and effort.
The full report is available from the Netwrix site.