Large businesses are constantly targeted by hackers, and recent reports suggest that many large companies don’t take the necessary precautions to prevent outsiders from accessing their computer systems.
But the threat of cyberattacks is even greater for health care organizations, over 80 percent of which report being targeted by an attack in a recent survey by KPMG, a global professional services consulting firm.
The survey polled 223 executives of for-profit and non-profit health care organizations worth at least $500 million.
Forty-four percent of the executives said their organization had been subjected to between one and 50 cyberattacks in the past 12 months. Another 38 percent said their company had experienced between 50 and 350 attacks, while 13 percent said they were attacked more than 350 times.
Most frightening for business and consumers alike, 25 percent of respondents said their organization either lacked the ability to detect cyberattacks in real time or that they didn’t know whether it could or not.
“They are probably compromised and don’t even know it,” said Michael Ebert, KPMG partner and health care leader for the firm’s Cyber Practice.
Nevertheless, most executives are clearly aware of the danger that exists from cyberattacks. But not everybody agrees on where the likely attacks will come from. Asked to cite likely sources of a breach, 65 percent said external attacks were a big concern, while 48 percent cited the sharing of data with third-parties. Thirty-five percent identified theft or breaches by employees and 35 percent said wireless computers were a likely risk. Only 27 percent said that substandard firewalls might be a likely issue.
UCLA Health System announced last month that it had been the victim of a cyberattack that may have compromised confidential data of as many as 4.5 million patients.
The survey also shed light on what executives fear the impact of a cyberattack could be. The most common fear was the presence of malware that could infect a system, while 57 percent say they were very concerned about the theft of patient data.
While KPMG noted that health care organizations were at a higher risk of cyberattacks than most other businesses, they are not targeted as often as financial institutions.