Attacks and Vulnerabilities
Critical infrastructure
Industrial Cyber Attacks
Medical
News
Threat Landscape

WEF highlights healthcare sector bears ‘highest price’ of cyberattacks, emphasizes prioritizing cyber resilience

February 05, 2024
WEF highlights healthcare sector bears ‘highest price’ of cyberattacks, emphasizes prioritizing cyber resilience

The World Economic Forum (WEF) outlined that in the current healthcare landscape, interconnected systems and networks play a crucial role in delivering efficient services. However, this interconnectedness poses a risk, as a security breach in one part of the network can have far-reaching consequences for the entire healthcare infrastructure. It is imperative to prioritize cyber resilience to ensure uninterrupted operations and prevent widespread failures. 

Cyberattacks on healthcare systems directly impact patient safety and must be addressed accordingly. The sector has been rapidly adopting digital technologies such as electronic health records (EHRs), telemedicine, and Internet of Things (IoT) devices. While these technologies bring numerous benefits, they also expand the attack surface, providing more entry points for cybercriminals. 

“The healthcare industry has become a prime target for cybercriminals due to the vast amount of sensitive patient data it holds and the criticality of its operations,” Kesang Tashi Ukyab, lead for Cyber Resilience of Electricity at WEF, and Filipe Beato, lead at Centre for Cybersecurity at WEF, wrote in a post last week. “In 2023, the healthcare industry reported data breaches costing an average of $10.93 million per breach — almost double that of the financial industry, which came in second with an average cost of $5.9 million. Cyberattacks on healthcare organizations can put patients’ lives and entire organizations at risk.”

They added that the disruption of critical healthcare services, manipulation of medical records, or unauthorized access to medical devices can put patient lives at risk. Cyber resilience measures are essential to safeguard patient safety and prevent harm.

In 2023, for the 13th year in a row, the healthcare industry reported the most expensive data breaches, at an average cost of US$10.93 million, which is almost double that of the financial industry, which came second with an average cost of $5.9 million. Protecting these digital assets is essential to maintaining the confidentiality, integrity, and availability of patient information.

Identifying that healthcare providers hold a position of trust in society, the WEF post added that the extraordinary degree of sensitivity of the data, and the high degree of public expectations towards the sector, means that any compromise of patient data or disruptions in services erode this trust and can damage the reputation of healthcare organizations. Cyber resilience is essential for maintaining the confidence of patients, partners, and the public.

The WEF post added that the convergence of increased cyber threats, digitization of healthcare, interconnected systems, patient safety concerns, regulatory requirements, financial implications, and the importance of maintaining public trust collectively underscore the critical need for cyber resilience in the healthcare sector.

Given the criticality, scale, and interconnectedness of the healthcare industry, it is clear that no single organization or government entity can tackle the issue of cybersecurity alone. A collaborative and systemic approach within the ecosystem is key — cyber resilience must be viewed beyond just the confines of any one organization.

The WEF said that public and private sector collaboration is crucial for building cyber resilience in the healthcare industry. Taking a systemic approach to cybersecurity involves recognizing that the healthcare ecosystem is an interconnected network of organizations, technologies, and individuals. Building cyber resilience requires not only protecting individual entities but also ensuring the robustness of the entire ecosystem to withstand and recover from cyber incidents.

During the ‘Cyber Insecurity, Analysed’ workshop at this year’s Annual Meeting in Davos, the focus was on three key priorities. These include educating boards and engaging leadership on the importance of cyber resilience; building relationships and communities between organizations to secure the ecosystem, and developing an industry playbook that includes shared practices amongst the different stakeholders.

These findings are relevant to the healthcare industry and directly contribute to making it more cyber-resilient.

The WEF post pointed out that its Cyber Resilience Initiative across industries enhances resilience by: 

  • Building awareness among leaders: Educating and creating awareness among decision-makers to reinforce the vital importance of cybersecurity as a strategic priority.
  • Mobilizing action to secure the digital transformation: Fostering discussions to mobilize action and commitment to enable a safe and resilient digital transformation of industries.
  • Developing thought leadership, tools, and capabilities: Generating insights, capabilities, and tools to embed cybersecurity aligned with strategic trends and best practices.

Last month, the WEF published its Global Cybersecurity Outlook (GCO) 2024, a collaborative effort with Accenture. The report analyzes upcoming cybersecurity trends and their potential impact on economies and societies. It also sheds light on significant findings, emphasizing the growing cyber inequity and the profound influence of emerging technologies.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation