Is healthcare cybersecurity in critical condition?
This article highlights key findings and trends in healthcare cybersecurity for 2024. From the rising impact of cyberattacks on patient care to the vulnerabilities posed by medical devices and supply chains, these insights provide an overview of the current state of cybersecurity in the healthcare sector.
6 key elements for building a healthcare cybersecurity response plan
With 89% of practices already using tools like two-factor authentication (2FA), the importance of integrating robust cybersecurity software cannot be overstated. Healthcare providers must integrate advanced measures, including email security protocols, firewalls, and real-time threat detection systems, to ensure comprehensive protection against data breaches.
Data loss incidents impact patient care
92% of healthcare organizations experienced at least one cyber attack in the past 12 months, an increase from 88% in 2023, with 69% reporting disruption to patient care as a result. Concerns about insecure mobile apps (eHealth) have increased to become the top cybersecurity threat in healthcare, increasing from 51% in 2023 to 59% of respondents in 2024.
Insecure file-sharing practices in healthcare put patient privacy at risk
According to The HIPAA Journal, the healthcare industry experienced more data breaches in 2021 than any previous year. That upward trend has continued to rise. Not only did 2023 see a record number of data breaches, but also a record number of the “most breached records” with more than 133 million records exposed.
B+ security rating masks healthcare supply chain risks
The US healthcare industry’s security ratings were better than expected, with an average score of 88. However, there is still room for improvement: Organizations with a B rating are 2.9x times more likely to be victims of data breaches than those with an A rating. 35% of third-party breaches in 2023 affected healthcare organizations, outpacing every other sector.
Ransomware attacks impact 20% of sensitive data in healthcare orgs
A typical healthcare organization has more than 42 million sensitive data records — 50% more sensitive data than the global average of 28 million. Sensitive data records in observed healthcare organizations grew by more than 63% in 2023 — far surpassing any other industry and more than five times the global average (13%).
Only 13% of medical devices support endpoint protection agents
63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability. The consequences of potential failures caused by cybersecurity incidents that affect end-of-life patient devices—including infusion pumps, network modules, gateways, incubators, cardiac rhythm management systems, mobility monitors, and others—can impact patient safety.
Balancing AI benefits with security and privacy risks in healthcare
Along with the many benefits of AI and new technologies, healthcare organizations need to be aware of several security and privacy risks. As organizations obtain and store more PHI and sensitive patient data, the risks surrounding data breaches increase as these organizations become more valuable targets.