Endpoint data loss, excessive user permissions, and dormant accounts make up 70 percent of all high and critical risk scenarios for laptop vulnerabilities at hospitals and health systems across the country, according to new findings released by the Clearwater CyberIntelligence Institute (CCI), which leverages insights from Clearwater’s proprietary database—the industry’s largest and most complete database focused exclusively on the unique cybersecurity risk profiles of hospitals, Integrated Delivery Networks (IDNs) and business associates.
Despite efforts to make laptops more secure, the CCI study found they remain a Top 10 cybersecurity risk for hospitals and health systems. Upon further study, CCI found that the No. 1 vulnerability among laptops — endpoint data loss — remains so high because of continued deficiencies in these important controls:
- 98.9 percent of laptops have deficiencies in locked down external ports (USB, CD, DVD, Firewire, etc.), which prevent users from exporting sensitive data to external storage media.
- 63.3 percent of laptops have deficiencies of users storing data locally rather than accessing the organization’s programs and data via secure, virtual desktop software (such as Citrix Virtual Apps, Desktop or VMWare Horizon).
- 52.7 percent have deficiencies in data loss prevention tools, which are designed to scan all communications traffic to keep sensitive data from being sent to unauthorized users.
“It may seem like a given, but the questions that hospitals and health systems need to be constantly considering are, do we know for certain that the security measures we have adopted for these things have been properly implemented,” said Clearwater’s Jon Stone, who leads CCI and serves as senior vice president for Product Innovation. “Further, do the risk ratings associated with these controls bring the right level of attention to these major risks?”
See the complete the findings and learn how to address these high-risk factors here.
