BETHESDA, Md., July 11, 2016 /PRNewswire-USNewswire/ -- The number of attack surfaces continues to rise as the use of mobile medical- and health-related apps grows and as electronic health records become ever-more embedded in clinical settings, according to results of a new survey to be released by SANS Institute in a two-part webcast on July 20 and July 21, 2016.
In it, 38% of respondents consider their medical devices to be a high risk, yet in reality, only 6% attribute actual breaches to such devices. Responsibility for the real breaches, respondents say, lies with their insiders:
- 56% name phishing, spearfishing and whaling the leading type of attack
- 39% see threats resting with insiders
- 16% of impactful breaches are traced to third-party partners
While attack vectors vary by organization, 64% traced infiltrations to desktop computers, and 45% cited laptop computers, which are also user-related.
The fact, that the insider threat still remains high is definitely a concern," says SANS Analyst and author of the survey Barbara Filkins.
"The good news," continues Filkins, "is that respondents are taking a more holistic approach at the infrastructure level, rather than just trying to mark a check box on their compliance list."
"I am definitely encouraged by the fact that the focus for healthcare priorities is shifting to an operational emphasis, especially with the continued growth in attack surfaces," continues Filkins. "Security needs to be baked into clinical and other healthcare-related workflows, supported by improvements in application interfaces that promote the secure way as the easy way, and backed by appropriate monitoring and alerting capabilities."
Full results will be shared during a two-part webcast at 1 PM EDT on both July 20 and July 21, sponsored by Anomali, Carbon Black, ForeScout, Great Bay Software, Trend Micro, and WhiteHat Security, and hosted by SANS. Register to attend the July 20 webcast, which focuses on the assets most at risk, breaches against those assets, and how, in particular, cloud and mobile computing are changing the threat landscape, at www.sans.org/webcasts/101582 and the July 21 webcast focusing on what the survey tells management in terms of priorities, breach management, controls and budgets at www.sans.org/webcasts/101577
Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and healthcare expert, Barbara Filkins.
Insider Threats and Breaches: SANS 2016 Healthcare Survey Results|2 Part Series 7/20-7/21 1PM ET|Register: http://www.sans.org/u/j0Z #infosec
"Insider threats remain high concern among healthcare industry" -2 Part Webcast Series| 7/20-7/21 @ 1 PM ET|http://www.sans.org/u/j0Z #infosec
Taking a holistic approach to prevent cyber attacks in the #healthcare industry |2 Part Webcast - 7/20-7/21 1PM ET| http://www.sans.org/u/j0Z
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)
SOURCE SANS Institute