Nearly two-thirds of healthcare organizations globally have experienced a cyberattack in their lifetime, while 53 percent were attacked within the last 12 months, according to new research by Keeper Security. 

These findings derived from Keeper Security's 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, conducted by the Ponemon Institute, which surveyed 2,391 IT and IT security practitioners in the U.S., U.K., DACH, Benelux and Scandinavia, including 219 from the healthcare industry.

"Electronic health records are some of the most lucrative documents on the dark web, so it's not surprising that the healthcare industry is highly-targeted by cybercriminals," said Darren Guccione, CEO and Co-Founder of Keeper. "While the majority of healthcare organizations have already experienced a cyberattack, this research shows the industry still doesn't have the necessary resources and budget allocated to preventing and responding to major data breaches. Patients depend on providers to protect their sensitive health information and moreover, their lives via connected medical devices. Therefore, it's critical that cybersecurity become a top priority in healthcare."

According to the findings, data breaches in healthcare resulted in an average of 7,202 patient and employee records lost or stolen and came with an average price tag of $1.8 million from the disruption of normal operations. The three most commonly reported types of attacks were phishing (68 percent), malware (41 percent) and web-based (40 percent).

While cyberattacks are becoming more targeted, sophisticated and severe, according to the survey, healthcare respondents indicated they lack the resources to appropriately protect themselves. Only one-third of healthcare organizations believe they have sufficient budget to support strong IT security and 87 percent said they don't have the personnel needed to achieve a more effective cybersecurity posture.

Additional highlights from the findings include:

  • 66 percent of healthcare organizations agree that passwords are an important part of cybersecurity prevention, yet over half don't have visibility into their employees' password practices.
  • Less than half of those surveyed have a plan for responding to an attack.
  • 90 percent of healthcare organizations dedicate less than 20 percent of their IT budget to cybersecurity, with an average allocation of 13 percent.

The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report underscores growing cybersecurity concerns best illustrated through the year-over-year trends dating back to 2016.