Times and tastes change, however, and starting two years ago, a new focus was selected: health care providers, insurance companies and the like. Protected health information turned out to be, in many cases, more valuable than mere credit card data.
The market boomed, and to this day, health-related companies are disproportionately represented among hacking targets.
Worse, a recent study conducted by MediaPro indicates that health care professionals are woefully unprepared to deal with such attacks. Based on their findings, just 28 percent of healthcare professionals in the United States have the privacy training and security skills necessary to provide any meaningful assistance when it comes to preventing leaks or minimizing their impact.
The findings only get worse from there. Nearly one in five healthcare professionals (18 percent) were classed as being active risks whose lack of security awareness could actually increase the chances of a breach.
Another 54 percent were rated as “novices,” meaning they had only rudimentary knowledge and understanding in the key areas of acceptable uses of social media, cloud computing, understanding malware warning signs, phishing prevention and access controls.
Even more disheartening is the fact that 69 percent of health care organizations reported feeling more at risk than companies in other sectors. They know that the problem exists, but thus far, have struggled to do anything meaningful to begin to change the equation. This is in spite of the fact that almost two thirds (61 percent) of those companies have adopted the best practice security frameworks like NIST.
This is a problem with no easy fixes, and it’s going to get worse before it gets any better, because 2017 stands to be another record breaking year in terms of high profile security breaches. Buckle up, especially if you work in the industry. It’s going to be a bumpy ride.