Healthcare Cybersecurity

What’s the Real State of Healthcare Cybersecurity? 3 Studies You Need to Know About

Recent statistics show an alarming rise in healthcare cyberattacks, with 90% of organizations breached in the last five years1 and industry costs in 2019 of $4 billion.2 An average data breach can cost up to $3.9 million. But for healthcare, that number soars to nearly $6.5 million.3

These realities challenge today’s healthcare organizations to get educated and proactive about cybersecurity. The good news? Such a hot topic draws attention and the issues are being studied in depth. Read on to find out what’s real, what the industry is learning, and what it means for your organization.

1. Healthcare cyberattacks are soaring.
Report: Malwarebytes Cybercrime Tactics and Techniques: the 2019 state of healthcare

Top takeaways

  • The medical sector is the seventh most-targeted industry. Endpoint threats spiked 60% in the first nine months of 2019, versus all of 2018, with 45% growth from Q2 to Q3 of 2019.
    Top attack types: Exploiting vulnerabilities in third-party vendor software; taking advantage of staff negligence 21% of healthcare employees write down their usernames and passwords near their computers4), user error (81% of healthcare internal breaches result from errors5), or poor patching; and delivering malicious attachments and links via phishing email (healthcare employees click on one out of every seven phishing email scams6).
  • Healthcare’s lucrative patient databases, often lacking sophisticated security for a high number of connected devices, are an attractive target.

Insights and implications

  • Breaches could disrupt day-to-day critical care, with potentially tragic consequences. And an environment of continual security threats could derail some of the most exciting advancements in medical technology, especially those that depend on IoT.
  • Biotech innovators must make security foundational to development of their products and services and organizations must evaluate purchase decisions with security top of mind, not an afterthought.
  • Administrators must ensure adequate budget to keep hardware, software, and training up to date.

2. Healthcare organizations are not prioritizing cybersecurity.
Report: Black Market Research Survey

Top takeaways

  • 96% believe hackers are outpacing healthcare security. Yet only 21% of hospitals have a dedicated security executive, and only 6% at the C level.
  • A third of hospital executives purchased cybersecurity solutions blindly and only 4% had a steering committee to assess their effectiveness.
  • 90% of IT security budgets have remained level since 2016.

Insights and implications

  • Organizations need top-level executives dedicated to cybersecurity and decisions should include key stakeholders.
  • Budget increases are critical to keep pace with mounting threats.
  • Legacy systems should be regularly updated and security practices must include regular patching.
  • Combining current threat response with artificial intelligence capabilities make response more proactive than it is today. Devices are now available with these capabilities for autonomous endpoint protection.

3. Hospital breaches affect patient outcomes.
Report: Data breach remediation efforts and their implications for hospital quality

Top takeaways

  • Health data breaches are associated with deterioration in timeliness of care and patient outcomes.
  • Consequences stem from the hospital’s response to the breach, not the breach itself.
  • The death rate among heart attack patients increased in the months and years after a data breach.

Insights and implications

  • While preventing future attacks should be a priority, remediation efforts must not impede the hospital’s ability to put patient care first.
  • New security policies, technologies, and procedures and must be thoroughly evaluated to ensure the hospital can deliver the same level of care as before the breach.

Here are a few more reports with insight to help your organization navigate the cybersecurity landscape and implement protection strategies.

Lenovo Health’s "Trends to Track" series highlights news and industry reports impacting healthcare decision makers, with a fresh look at current topics and trends. Be sure to check back for new stories.
And make it social by clicking on the social media icons at the top of the page!

Smarter heightens security.