Some 67% of healthcare organisations suffered a cyber security incident in the past 12 months, according to new data from security provider, Clearswift.

In the same survey, Clearswift found that almost half (48%) of incidents reported occurred as a result of introduction of viruses/malware from third party devices–including internet of things (IoT) devices and USB sticks.

With investment in IoT within healthcare expected to continue growing throughout 2020, it is particularly important that the industry focuses on securing such devices, said Clearswift.

Clearswift said the statistics highlight the serious threat that data breaches and malicious attacks pose to the UK’s health-related data.

The survey also found that further causes of cyber security incidents within the healthcare sector included employees sharing information with unauthorised recipients (39%); users not following protocol/data protection policies (37%), and malicious links in emails and on social media (28%).

In addition, less than a quarter (24%) of respondents said they had an adequate level of budget allocated to cyber security.

33% of those surveyed stated that ransomware attacks–such as the WannaCry incident that took place across the NHS in 2017–have had the biggest impact on board level involvement and spend around cyber security. 

Alyn Hockey, vice president of product management at Clearswift, said: “The healthcare sector holds important patient data, so it is alarming to see such high numbers of security incidents occurring in the industry. The healthcare sector needs to securely share data across departments and organisations in order to facilitate excellent patient care.”

“With the proliferation of third-party devices in this process, it’s more important than ever that the industry bolsters its cyber security efforts to reduce the risk of everything from unwanted data loss to malicious attacks and focuses on keeping patient data safe and secure.”

He added: “Understanding what is threatening the safety of the critical data you hold is the first step in mitigating the risk. Therefore, cyber security strategies across healthcare organisations need to rapidly evolve to account for new threats against the sector. While many aspects of staying secure come from keeping employees trained to recognise threats, technology should play a key role in helping reduce the risks that come with innovation.”