In a new survey of North American healthcare employees, Kaspersky Lab found that ransomware has hit nearly a third of companies more than once.
Findings of the report, Cyber Pulse: The State of Cybersecurity in Healthcare, are based on the responses from the 1,758 employees surveyed. Participants ranged from doctors and surgeons to admins and IT staff within the United States and Canada. Of the total participants, 33% of healthcare employees who are aware of a ransomware attack to their organization said attacks have happened more than once.
More than one in six healthcare employees said that they know of a ransomware cybersecurity attack on their organization that has occurred in the past five years or more. Additionally, 78% of American and 85% of Canadian healthcare workers who said they were aware of a ransomware cybersecurity attack to their organization claimed to have experienced up to five attacks.
The last 12 months seem to have been slightly better, though, with only 27% of healthcare IT employees claiming that their employer experienced a ransomware cybersecurity attack within the past year.
Healthcare employees overwhelmingly value protecting their patients, and 71% cited that as their top reason for incorporating cybersecurity measures into their organizations. In addition, 60% of employees want their companies and colleagues protected.
Even though only 21% of healthcare employees believe that their organization will not likely suffer a data breach in the years to come, 23% said they trust in the cybersecurity strategy of their organizations.
“Through our study, we found that healthcare employees in North America were confident that their organization would not suffer a data breach in the forthcoming year. But whether they realize it or not, their industry is suffering hundreds of breaches a year,” said Rob Cataldo, vice president of enterprise sales at Kaspersky Lab, in a press release.
“Healthcare companies have become a major target for cyber-criminals due to the successes they’ve had, and repeatedly have, in attacking these businesses. As organizations look to improve their cybersecurity strategies to justify employee confidence, they must examine their approach. Business leaders and IT personnel need to work together to create a balance of training, education and security solutions strong enough to manage the risk.”