Healthcare Sector Among Most at Risk from Social Engineering

SecurityScorecard is out with its 2016 Healthcare Industry Cybersecurity Report, and it paints a grim picture about how vulnerable healthcare entities are to socially engineered schemes. CEO Aleksandr Yampolskiy shares insight from the study.

How low does healthcare score? Out of 18 industry sectors reviewed, healthcare placed 15th, making it one of the sectors whose employees are most likely to fall for socially engineered schemes.

"This clearly suggests that there is a bigger security awareness problem among the personnel of healthcare organizations," says Yampolskiy.

Other causes for concern:

- The healthcare industry falls below the industry average in six out of 10 critical security categories measured by SecurityScorecard;
- 63 percent of the 27 largest hospitals in the U.S. received a letter grade of C or lower for prompt patching of IT systems;
- Healthcare IoT devices - including patient medical devices - are particularly vulnerable to malware infection.

"We've seen all kinds of endpoints, including the IoT devices, emanating signatures of malware because they were infected," Yampolskiy says. "The bad guys are going to compromise those devices more and more, and the healthcare sector is very much affected."

In an interview about the 2016 Healthcare Industry Cybersecurity Report, Yampolskiy discusses:

- Key findings from the study;
- How healthcare entities are responding to their unique security challenges;
- How SecurityScorecard helps organizations understand and improve their security posture.

Yampolskiy is the co-founder and CEO of SecurityScorecard, the leading security ratings and continuous risk monitoring platform. SecurityScorecard actively monitors over 100,000 companies, 200% more than any other security rating service. Nearly 200 enterprises rely on SecurityScorecard to monitor third-party risk.

Previously, he was CTO of Cinchcast and BlogTalkRadio. BlogTalkRadio is the largest online radio network, averaging over 40 million visitors a month. Prior to Cinchcast, Alex was Head of Security and Compliance at Gilt Groupe companies, responsible for all aspects of IT infrastructure security, secure application development, and PCI compliance.

Before that, he worked at Goldman Sachs, Oracle, and Microsoft, where he was a lead technologist building large-scale enterprise software focused on IDM, SSO, authentication and authorization. He's been cited in the New York Times, ComputerWorld, Observer, and other media. He's a published author and speaks regularly on security and software development processes.