Health care facilities and health systems are investing more and more resources to protect their data, and if IBM X-Force’s 2016 Cyber Security Intelligence Index is any indication, this spending is a wise investment.

The report from IBM Security noted that in 2015, health care became the most frequently attacked field, moving ahead of manufacturing and financial services. Among other things, the report noted that five of the eight largest health care security breaches since the beginning of 2010 — those with more than 1 million records reportedly compromised — took place during the first six month of 2015.

Motivated by the high price medical records can fetch on the black market, cyber thieves are using the data they steal to launch spear phishing attacks, commit fraud and steal medical identities, according to the survey analysis. Phishing is a form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, instant messaging or other communication channels.

The report also found that 60 percent of cyberattacks across all industries were the result of someone with physical or remote access to an organization’s assets — an insider.

The results from our sister publication Hospitals & Health Networks’ Health Care’s Most Wired 2015 survey found that hospitals are taking more aggressive privacy and security measures to combat these types of threats in an effort to safeguard patient data. Top growth areas among the 2015 Most Wired organizations were privacy audit systems, provisioning systems, data loss prevention, single sign-on and identity management. Results of the 2016 Most Wired Survey will be published in H&HN magazine’s July issue.

Health Facilities Management is also surveying hospitals this year on measures they are taking to improve physical security and cybersecurity infrastructure. The cybersecurity portion of the 2016 Hospital Security Survey will cover:

  • Technologies organizations are deploying to safeguard information
  • Cybersecruity measures organizations use for authorized personnel
  • The frequency with which organizations conduct various types of cybersecurity activities

Complete results of HFM’s 2016 Hospital Security Survey will publish in the October issue and will be posted online.