81% healthcare companies have had a data breach

According to a report released by KPMG, only 66% of the insurance executives and 53% of hospital executives said they said that they were prepared for an attack. And 16% said they cannot detect an attack in real time.

Findings reveal that many organizations are not collecting data on attacks or managing them effectively. They might also be under reporting the number of actual breaches, as well. According to the survey, 15% of healthcare organizations do not have a leader whose sole responsibility is information security. And 23% do not have a security operations center to identify and evaluate threats. In addition, 55% say they have a hard time staffing their organization, said Bell. Another issue could be a disconnect with a senior leadership of these companies.

According to another recent KPMG survey, 92% of CEOs said that their companies are fully prepared to deal with a cyberattack. On a positive note, 85% of hospital boards and 89% of insurance company boards have discussed cybersecurity in the past year. In addition, 86% of hospitals and 88% of insurance companies have increased spending on cyber security in the past 12 months.

Most problematic is managing vendor security risks, where only 35% of respondents said that they had adequate resources. In addition, only 53% said they had adequate resources to monitor for data leakage, and 55% for handling security incidents.