Report: 4 out of 5 large healthcare organizations faced cyberattacks in past two years

Only half of companies surveyed said they felt prepared to deal with cyberattack

A man walks past health insurer Anthem's corporate headquarters in Indianapolis in February 2015.
Michael Conroy, File/AP

Eight-one percent of America's major healthcare organizations have suffered at least one cyberattack in the past two years and many have to fight off cyberattacks every single day, according to a cybersecurity survey released by audit and advisory firm KPMG.

The firm polled 223 top executives at major hospitals and insurance companies, most of which had revenues of more than $1 billion per year. The findings: only half of those huge organizations feel like they are well-prepared to prevent an attack.

Thirteen percent says that they fend off a hacking attempt every day, and another 12 percent see at least two attacks per week.

"Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed," warned cybersecurity expert Michael Ebert in the report.

RELATED STORY: Experts warn that 2015 could be 'Year of the Healthcare Hack'

Greg Bell, leader of KPMG's Cyber Practice, compared the typical hacker to a "blood-sucking insect" in that they can absorb much valuable information before being detected.

“Healthcare organizations that can effectively track the number of attempts have less cause for worry than those who may not detect all of the threats against their systems," he said. "The experienced hackers that penetrate a vulnerable health care organization like to remain undetected as long as they can before extracting a great deal of content."

The most common kind of cyberattack is malware, which is software that attempts to gain access to private computer systems. Sixty-five percent of respondents said they had fought off malware attacks in the past two years.

Sometimes, the threat even comes from within. Twenty-six percent of respondents said they dealt with either botnets, where hackers hijack computers within the company, or internal attack vectors, where an actual employee breaches security measures.

ProPublica found that there have been more than 1,100 large-scale health data breaches since October 2009. The largest by far was a hack of insurance company Anthem which compromised almost 80 million accounts.

ProPublica created an app that allows you to see if a health care company has been hacked – assuming, of course, that the hack was publicized.