In a poll of 535 healthcare IT and IT security practitioners, 48 percent said their organization had a breach involving loss or exposure of patient information in the past year. They cited some of their biggest threats as:

• System failures
• Unsecured medical devices
• Identity thieves
• Unsecured mobile devices.

Despite the widespread publicity about insecure medical devices, however, only 27 percent of respondents said their organization includes medical devices in its cybersecurity strategy.

Other findings from the report include:

• Exploits of existing software vulnerabilities and Web-borne malware attacks are the most common security incidents.
• On average, organizations have an advanced persistent threat (APT) incident every three months, yet only 26 percent said their organizations have systems and controls in place to detect and stop them.
• Sixty-three percent of respondents said the primary consequences of APTs and zero-day attacks were IT downtime, followed by the inability to provide services. Forty-four percent said these incidents resulted in the theft of personal information.
• Only 33 percent of respondents rate their organizations' cybersecurity posture as very effective.

Read more from the article by FierceHealthIT: http://www.fiercehealthit.com/story/report-healthcare-cyberattacks-occur-almost-monthly/2016-03-02