Study: 78 Percent of Healthcare Providers Reported Cyberattacks in Past Year

The study, which was conducted by Mimecast and HIMSS Analytics, examined 76 senior IT professionals at various sized healthcare facilities.

Study: 78 Percent of Healthcare Providers Reported Cyberattacks in Past Year

Sixty-three percent of large healthcare facilities have experienced both malware and ransomware in the past 12 months.

In a new study, 78 percent of healthcare providers say they have experienced email-related cyberattacks in the form of ransomware, malware or both in the past 12 months.

The study, conducted by Mimecast and HIMSS Analytics, examined 76 senior information technology professionals responsible for information security at various sized healthcare facilities.

Of the 76 IT professionals, 87 percent say they expect email-related security threats to increase significantly in the future.

Eighty-three percent say ransomware is the most concerning type of email-related threat and four out of five respondents say they use email to send Protected Health Information (PHI).

“This survey clearly demonstrates that email is a mission-critical application for healthcare providers and that cyberthreats are real and growing – surprisingly, even more so than the threats to Electronic Medical Records (EMRs), laptops and other portable electronic devices,” says Mimecast healthcare cyber resilience strategist David Hood.

Other concerns of respondents include malware, targeted attacks such as spear-phishing and business email compromise.

Some other key findings from the study include:

  • Eighty-eight percent say they perform cybersecurity assessments at least once yearly. Of the 88 percent, 43 percent conduct them at least once a year, 16 percent conduct them quarterly and 18 percent conduct them monthly.
  • Two-thirds say they include email in their assessments, one-third sometimes include email and 2.5 percent never include email or are unaware if they do.
  • The top three cyber resilience strategies being taken by the respondents include preventing attacks (94 percent), training employees (90 percent) and securing email (77 percent), reports Health IT Security.

While the survey indicated large organizations have experienced more attacks in the past 12 months, they were more likely to include email in their cybersecurity assessment.

Of the organizations surveyed, 63 percent of large facilities have experienced both malware and ransomware in the last year, compared to 24 percent of intermediate facilities and 22 percent of small facilities.

“This study confirms that no healthcare provider is immune to this growing threat of email-related cyberattacks. While the results show that larger providers are being hit harder, especially with ransomware, these same organizations are also the ones leading the charge in defining industry best practices to address these threats,” says HIMSS Analytics senior director Bryan Fiekers.

Based on its research, Mimecast says these five tips are the best ways to improve email security:

  1. Train employees on the risks inherent in email: real-time reminders are better than annual training.
  2. Analyze inbound attachments: with multiple AV engines, safe file conversion and behavioral sandboxing.
  3. Apply URL checking: at the time a user clicks, not when it enters the organization.
  4. Inspect outbound emails: for protected health information, other sensitive content and threats.
  5. Increase cyber resilience: against ransomware and other sources of data destruction with backup capabilities and continuity solutions.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Amy is Campus Safety’s Executive Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Amy has many close relatives and friends who are teachers, motivating her to learn and share as much as she can about campus security. She has a minor in education and has worked with children in several capacities, further deepening her passion for keeping students safe.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

2 responses to “Study: 78 Percent of Healthcare Providers Reported Cyberattacks in Past Year”

  1. Mick says:

    Unfortunately this scary reality will only grow worse and worse. In fire service, it’s a terrifying reality if computers, phones or other technology are rendered inoperable. Every establishment or business should have a back up / non-tech plan ..

  2. […] have also been heavily targeted in the past decade. A 2017 report conducted by Mimecast and HIMSS Analytics found 78% of its senior IT respondents had experienced email-related cyber attacks at their […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Conference promo