January 15, 2020

Cybersecurity incidents in healthcare skyrocket, with two thirds of UK organisations hit

By Lucy Ingham

For UK healthcare organisations, cybersecurity incidents are now a very real threat, with 67% suffering from at least one in the past 12 months.

This is according to research published today by Clearswift, which saw the company survey senior decision makers at British healthcare institutions on their experience of cybersecurity incidents.

It found that only had two in three organisations been hit, but that almost half of incidents (48%) were the result of viruses or malware introduced onto organisations’ systems.

These typically entered via USB sticks or internet of things (IoT) devices, with the latter being particularly concerning given that healthcare is set to see an influx of IoT devices in 2020.

There were also a notable number of incidents that were caused by or involved users.

39% of incidents involved employees sharing information with unauthorised third parties, while 37% were caused by users not following data protection policies or internal protocols. 28% were result of malicious links in emails or social media posts.

Level of cybersecurity incidents in healthcare “alarming”

The findings have caused significant concern, particularly given the devastating impact that high-profile cybersecurity incidents have previously had on healthcare institutions.

The most notable case was when WannaCry crippled multiple NHS trusts in 2017, which caused widespread disruption to healthcare and posed a significant threat to patient health.

Given this, it is vital that the healthcare industry significantly steps up its cybersecurity efforts to prevent future incidents.

“The healthcare sector holds important patient data, so it is alarming to see such high numbers of security incidents occurring in the industry,” said Alyn Hockey, VP of Product Management, Clearswift, a HelpSystems Company.

“The healthcare sector needs to securely share data across departments and organisations in order to facilitate excellent patient care. With the proliferation of third-party devices in this process, it’s more important than ever that the industry bolsters its cyber security efforts to reduce the risk of everything from unwanted data loss to malicious attacks and focusses on keeping patient data safe and secure.”

Read more: Can healthcare better protect itself against cybercrime?