Health care cybersecurity challenges increase as threats rise

Health care continues to be a hacking target: ©Pro stock studio - stock.adobe.com

In a recent report conducted by the Ponemon Institute for Proofpoint, researchers found that the health care industry faces a growing challenge from cybersecurity threats. According to the study, which surveyed 653 healthcare IT and security practitioners, 88% of respondents reported experiencing an average of 40 cyber attacks within the past 12 months. The financial impact of these attacks is equally concerning, with the average total cost of successful cyberattacks reaching nearly $5 million.

The consequences of these attacks are far-reaching and have a profound impact on patient care. Among the key findings:

• Patient Care Disruptions: 66% of respondents reported disruptions to patient care as a result of cyber attacks, highlighting the significant implications for health care providers.
• Poor Patient Outcomes: 57% observed poor patient outcomes due to delays in medical procedures and tests, underlining the critical nature of timely health care services.
• Medical Complications: 50% of respondents saw an increase in medical procedure complications, a concerning trend that poses risks to patient safety.
• Increased Mortality: 23% claimed that cyber attacks led to an increased patient mortality rate, underscoring the life-and-death stakes involved.

All organizations surveyed had experienced at least one data incident involving confidential health care data within the past two years. Malicious insiders were identified as the most likely culprits by 32% of the respondents.

Challenges in the health care sector's ability to address these threats were also revealed. The study found that 58% of survey respondents cited a lack of cybersecurity expertise as one of their most significant challenges. Additionally, 50% mentioned insufficient staffing as another major obstacle.

Ryan Witt, chair of the Healthcare Customer Advisory Board at Proofpoint, emphasized that the majority of health care providers are relatively small to midsized organizations that allocate most of their resources to patient care.

“Hospitals and health care organizations are particularly attractive targets for cybercriminals, and their reliance on technology to manage everything from patient records to surgical equipment makes them uniquely vulnerable,” said Jan Lovmand, CTO of cybersecurity firm BullWall, in a statement. “This is compounded by their limited resources to invest in cybersecurity measures. But with ransomware continuing to be a significant threat to these organizations, investments must be made to contain these attacks, eliminating the need to resort to a complete shutdown of IT systems, and health care services.”

Emily Phelps, director of cybersecurity firm Cyware, said that health care organizations will continue to be an attractive target because of the valuable data they collect and store.
“Adversaries far outnumber available cybersecurity pros so to mitigate the risks; health care organizations must leverage automation tools that enable lean security teams to efficiently address threats; employees should have regular security awareness training so they are prepared to recognize and avoid common threat tactics; and organizations should consider partnering with security providers that can offer expertise that is difficult to source and retain internally,” Phelps said in a statement.