A recent Healthcare cyber security report from Evolve IP found that more than two-thirds of healthcare organizations have employees with compromised email credentials. Of these compromised accounts, 76 percent included actionable password information for sale on the dark web, the report found. And between about 55 percent and 80 percent of organizations had compromised email accounts. Healthcare cyber security is far from healthy according to these numbers.
To make matters worse, 23 percent of these stolen passwords are found in clear text on the dark web. While the other stolen passwords are sold encrypted, the level of encryption used isn’t enough to stop a hacker from cracking it.
Hackers get into the system with phishing and key-logging attacks, researchers said. Any one of these vulnerabilities can escalate to ransomware, patient data breaches or denial of service attacks.
“By understanding the types of changes people make to their passwords over time, hackers can create a user profile and determine a person’s new password fairly accurately by using simple guessing or sophisticated automated algorithms,” researchers said.
Some healthcare sectors fared better than others. Medical billing and collections had the least amount of compromised accounts, while regional healthcare plans were the least secure with 80.4 percent of organizations compromised.
The overwhelming majority of these organizations used cryptographically hashed passwords, which researchers explained are inadequate for today’s healthcare cyber security challenges. Hackers have many tools that can easily crack these types of passwords.
As healthcare organizations are hackers biggest target, security best practices must include email safeguards, researchers said. 63 percent of breaches are caused by compromised email credentials. And about 7,500 individual healthcare cyber security incidents occurred due to these compromises.
Could Healthcare data be safer in the cloud?
Healthcare IT professionals and executives believe overwhelmingly that when facing hardware malfunctions and environmental disasters, their organization’s data is safer in the cloud than on premises, according to Evolve IP report.
The survey also revealed a preference for private over public clouds with about 60 percent preferring private cloud infrastructure over public clouds for data security. The survey of more than 180 healthcare professionals, which provides current cloud adoption trends and future cloud deployment insights, also revealed that 85 percent of all healthcare organizations now have at least one service in the cloud.
For environmental disasters – 61 percent felt their information was safest in a private cloud compared to 27.5 percent in a public cloud and 11.5 percent on premise.
For malicious attacks, 58.5 percent preferred a private cloud to safeguard their data versus 32 percent on premise and 9.5 percent public cloud.
For hardware malfunctions 58.5 percent preferred private clouds compared to 24 percent public cloud and 17.5 percent on premises.
Note: The report publisher Evolve IP is The Cloud Services Company so…
This article was first published on CyberSec.Buzz.