The healthcare industry is one of the most targeted industries due to the sensitive patient data and workflows these institutions harbor. However, it is one of the only industries that suffers more breaches due to internal actors than external threat actors, according to Verizon’s 2018 Data Breach and Investigation Report.
Healthcare firms’ cyber risk is especially high as many rely on legacy IT infrastructure and small IT teams because of low budgets. The influx of new medical Internet of Things (IoT) devices and machines also complicates existing security architecture at medical institutions.
In the past couple of years, hospitals and other medical practices experienced an influx in ransomware attacks that ceased operations for weeks. Ransomware accounted for 85% of all malware attacks against the healthcare industry, according to Verizon.
Regulations, including HIPAA, also drive business and technology decisions in the industry. Healthcare providers are increasingly under pressure to meet regulatory requirements, especially as their risk exposure increases with new technology adoption.
In a recent 2018 report on business drivers for healthcare providers, Gartner recommended healthcare CIOs “establish an infrastructure that enables great interoperability, flexibility and agility.” Healthcare organizations need – and want – the best of the best when it comes to security. But they want it in a way that’s fast and flexible.