Cybersecurity attacks reveal alarming trend threatening U.S. healthcare systems
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today revealed concerning figures uncovered as the United States healthcare industry becomes an increasingly attractive target for cybercriminals.
Over the last several years, the U.S. healthcare industry has suffered tremendously as it has become a top target of cyber attacks. The industry is particularly vulnerable to threats due to the sensitive nature of the data it holds, which includes personal and financial information, as well as medical records. Cybercriminals target the industry, exposing private medical data and Protected Health Information (PHI) on the internet in hopes that healthcare facilities will pay costly ransoms to protect their patients. The exposure of private medical information can have serious consequences for patients, including financial fraud, identity theft and damage to their reputation. Additionally, cyber attacks can disrupt the operations of healthcare facilities, leading to delays in patient care and potentially putting lives at risk.
In the last three years, cyber attacks have immensely escalated, especially as hospitals and healthcare facilities around the country combated the COVID-19 pandemic and its aftermath. In 2020, 92 different ransomware attacks occurred at U.S. healthcare organizations, which affected 600 healthcare facilities and impacted more than 18 million patient records; this is a 470% increase from 2019. Additionally, 2021 saw a 45% increase in the number of attacks and in 2022, the percentage surged again with attacks rising 50% from 2021. As a result, the healthcare industry is now the top targeted infrastructure sector most affected by ransomware, causing severe multimillion-dollar economic loss and impact.
A contributing factor to this issue is that most healthcare organizations allocate less than six percent of their IT budget for cybersecurity, which prevents employees from attaining the education necessary to identify and report security threats. Additionally, according to KnowBe4’s 2023 Phishing by Industry Benchmarking Report, across small and medium organizations, the healthcare and pharmaceutical sector had one of the highest baseline Phish-proneTM Percentage (PPP), which determines the percentage of users who are prone to being phished after an initial baseline phishing security testing. After a year or more of regular cybersecurity training, the sector’s PPP dropped from 38.3% to an average of 5.1%, proving the effectiveness of new-school security awareness training.
“The U.S. healthcare system is an essential pillar to so many of our lives, which is what makes this trend so alarming,” said Stu Sjouwerman, CEO, KnowBe4. “Although this trend is sure to continue, it is important to remember that within the industry, healthcare employees are the sector's largest attack surface, making security awareness training a vital tool to defend against cybersecurity threats. An educated workforce forms a strong human firewall, which is key to practicing safe cyber habits and building a strong security culture. For the U.S. healthcare industry, this could result in employees around the country making proactive security decisions that lead to less attacks, driving the trend down while protecting the privacy of patients.”
To learn more about KnowBe4’s new-school security awareness training platform, visit https://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.