Morphisec Releases 2019 Consumer Healthcare Cybersecurity Threat Index

45% of Consumers Believe their Health Data is More Secure on their Own Phone than on Providers’ Devices, While Nearly 80% Admit They’re Not Prepared to Handle healthcare cyberattacks on Their Own

BE’ER SHEVA, ISRAEL and BOSTON, MA – April 3, 2019 – Morphisec, the worldwide leader in Moving Target Defense for the enterprise and mid-market, today released findings from the 2019 Morphisec Consumer Healthcare: Cybersecurity Threat Index. The report surveyed more than 1,000 consumers, weighted for the U.S. population, to get their perspective and understanding of the threatscape surrounding the healthcare industry, and how attackers are targeting their personal health information.

While the $36B shift to Electronic Health Records (EHRs) and the adoption of new enabling technologies has improved the quality of healthcare over the last decade, cybersecurity vulnerabilities have emerged as a byproduct that has made the industry vulnerable to a growing number of highly advanced threats. In February, Morphisec Labs identified an ongoing cyberattack in which hacker group FIN6 expanded into the healthcare field targeting a diagnostic image processing firm.

Sophisticated cyberattackers are now attuned to the vulnerabilities that exist within the industry and are targeting it more than double the rate seen across other sectors. This attack frequency poses considerable risk to healthcare organizations and more importantly to the patients' data they are securing. As Morphisec continues to assist healthcare providers with improving their cyber defenses and protecting patient data, it examined how the increasing amount of healthcare cyberattacks are impacting the mindset of consumers.

Highlights from the Morphisec 2019 Consumer Healthcare: Cybersecurity Threat Index include:

  • 54% of consumers say “they don’t know if a cyberattack has hit their healthcare providers,” despite HIPAA laws requiring providers to notify patients when their information has been compromised.
  • Healthcare portal use by consumers has increased to 42% this year from 28% in 2018, increasing the need for providers to protect internet-facing websites, which hackers are actively targeting.
  • 45% of consumers say they believe that their health information is more secure on their personal electronic devices (iPhone, laptop, etc.) than on the electronic devices within their healthcare provider.
  • Over 50% of consumers say they play a role alongside their provider in protecting shared health information, but nearly 80% of consumers admit they are not prepared to handle threats to health data on their own.
  • Consumers are more fearful of a health data breach (59%) than hackers gaining access to an internet-connected medical device (41%).
  • Consumers believe web (24%) and endpoint defenses (21%) are providers’ weakest links in protecting their data.

“With nearly 90% of health organization CIOs indicating they purchase cybersecurity software to comply with HIPAA, rather than to reduce threat risk, consumers have a right to be worried about the cyber defenses protecting their health data,” said Tom Bain, VP of Security Strategy at Morphisec. “Merely checking the box that cybersecurity defenses meet HIPAA requirements isn’t enough to protect healthcare organizations today from advanced and zero-day attacks from FIN6 and other sophisticated attackers.”

Download the full Morphisec 2019 Consumer Healthcare: Cybersecurity Threat Index here.

Healthcare providers interested in Morphisec’s endpoint security solution for the healthcare industry can find more information here.