Health IT

What do healthcare leaders consider the biggest potential source of cyberattacks?

According to a survey from HIMSS Analytics and Mimecast, healthcare IT professionals consider email to be the number one potential source of cyberattacks. Email outranked various other likely sources, including EMRs, laptops and paper.

What do healthcare executives view as the number one potential source of data breaches? Email, according to new research from HIMSS Analytics and Mimecast, a data security company.

Email took the top spot over various other potential sources of a cyberattack, including laptops, EMRs, paper, desktop computers and other portable electronic devices.

The finding comes from an online survey conducted between September and November 2017 among 76 healthcare IT professionals, including CIOs, IT directors and more. Respondents were from small (0 to 200 beds), mid-sized (201 to 399 beds) and large (401 or more beds) organizations.

According to the results, 78 percent of respondents have had an email-based cyberattack (whether ransomware, malware or both) in the past 12 months.

Looking ahead, 87 percent anticipate email-related cyber threats will increase or significantly increase in the future. The remaining 13 percent expect such threats will stay the same or decrease.

This proves to be a problem, given that 93 percent of respondents said email is critical to their organization’s success. Nearly half indicated that their organization cannot afford any time without email access.

These worries point to a larger sense of anxiety within the industry. A little more than three out of four participants said they’re very concerned about cybersecurity.

And the possibility of new threats is only growing. Respondents said their top three challenges in the cybersecurity realm are protecting their organization against new threats, training employees to notice risks and staffing.

To confront this, healthcare executives are taking action. Organizations are undertaking various initiatives to build resiliency. These include preventing malware and ransomware attacks, training employees on cybersecurity diligence and securing email.

Regular cybersecurity assessments are also valuable. Among organizations that perform these assessments, 67 percent always include email as part of the analysis.

“It’s encouraging that protecting the organization and training employees are top initiatives for next year, but the survey suggests the industry has work to do,” David Hood, a healthcare cyber resilience strategist at Mimecast, said in a news release.

This latest survey comes at the same time as similar cybersecurity research out of Accenture and the American Medical Association. The results of their summer survey of 1,300 physicians show that 83 percent of doctors have experienced some type of cyberattack in their practices.

Among the physicians in that poll, the most common type of threat appeared to be phishing, which was cited by 55 percent of those who experienced an attack. Computer viruses, ransomware, network hacking and inappropriate insider access were also fairly common.

Photo: ValeryBrozhinsky, Getty Images