Cybersecurity: Email is largest source of healthcare data breaches for 2017


Emails are the top source for data breaches so far this year according to the US Department of Health and Human Services, Modern Healthcare reports.

A total of 73 breaches were reported between January 1 and November 30, affecting information related to 573,698 individuals, according to the report.

The threat of email breaches is not unknown among hospital staff, who see it as the most likely source for such an intrusion, according to Modern Healthcare.

A total of four out of five US physicians have experienced such email-based cyberattacks, according to an Accenture survey quoted in the report. A separate survey, performed by Mimecast, suggests that 78% of physicians had reported either a malware or ransomware attack over the last 12 months.

“This study confirms that no healthcare provider is immune to the growing threat of email-related cyberattacks,” HIMSS Analytics senior director Bryan Fiekers said, according to Modern Healthcare.

Other data from the Mimecast survey indicated that nearly 25% of surveyed individuals said they’d had 16 or more malware or ransomware attacks over a year, and that nearly 75% of the individuals surveyed saw their email as “mission critical,” according to the report.

“It’s really a business issue to keep it up and running,” Mimecast cyber-resilience strategist David Hood said, according to Modern Healthcare.

Healthcare practices are taking steps to reduce such intrusions, according to data from the Mimecast survey. Results indicated that nearly 75% of those surveyed sad their organizations were taking steps to secure their emails, and 91% said they are training employees on secure practices to prevent and reduce malware and ransomware attacks.

Large organizations were putting in the most effort to prevent such attacks, according to the report.

“But you also have to recognize that no matter how much training you do, you can’t solve for every problem with human beings in the chain and being involved in the decision to open the email and click on something,” Hood said, according to Modern Healthcare.

In November, the US House Energy and Commerce committee said it was looking to the Department of Health and Human Services to shore up medical device cybersecurity.