Claroty finds that 78% of healthcare organizations experienced cyber incidents in past year, affecting patient care

Cyber-physical systems protection firm Claroty identified that healthcare organizations are facing myriad cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance. On a global basis, at least 78 percent of respondents experienced a minimum of one cybersecurity incident over the last year, while over 60 percent of respondents reported a moderate or substantial impact on care delivery, and another 15 percent reported a severe impact that compromised patient health and/or safety. The financial ramifications mainly fell in the US$100,000 to $1,000,000 range with 26 percent reporting paying ransoms.

Data from Claroty’s Global Healthcare Cybersecurity Study 2023 reveals priorities and challenges amid escalating cyber-physical connectivity. The study explores respondents’ experience with cybersecurity incidents over the past year, the state of their security programs, and future priorities.

Results showed that the healthcare sector remains a key target for ransomware, and many organizations are paying hefty sums; designated leadership for medical device cybersecurity is growing; and organizations have expanded cybersecurity budgets to further mitigate risk. It also identified that globally, cybersecurity regulations and standards are influencing strategy, and qualified healthcare cybersecurity professionals are difficult to find, with the demand for cybersecurity talent outpacing the available workforce. 

The study identified that 78 percent of respondents experienced a minimum of one cybersecurity incident over the last year, while 47 percent cited at least one incident that affected cyber-physical systems such as medical devices and building management systems. More than 60 percent reported that incidents caused a moderate or substantial impact on care delivery, and another 15 percent reported a severe impact that compromised patient health and/or safety. Further, 30 percent cited that sensitive data like protected health information (PHI) was affected.

Surprisingly, of the respondents who were victims of ransomware attacks, more than a quarter made ransom payments. In another noteworthy financial implication, more than a third of those experiencing incidents in the past year incurred costs from the attack of more than $1 million.

“The healthcare industry has a lot working against it on the cybersecurity front—a rapidly expanding attack surface, outdated legacy technology, budget constraints, and a global cyber talent shortage,” Yaniv Vardi, CEO of Claroty, said in a company release this week. “Our research shows that healthcare organizations need the full support of the cyber industry and regulatory bodies in order to defend medical devices from mounting threats and protect patient safety.”

Additional findings show that increased standards and regulations fuel stronger cybersecurity, but there’s more work to be done. Nearly 30 percent say current government policies and regulations require improvement or do nothing to prevent threats. Furthermore, NIST (38 percent) and HITRUST Cybersecurity Frameworks (38 percent) were selected by most respondents as important to their organizations, and 44 percent cite regulatory developments, such as mandated incident reporting, as the most influential external factor to an organization’s overall security strategy.

The study also found that the cyber skills shortage is still a top challenge. It found that over 70 percent of healthcare organizations are looking to hire in cybersecurity roles, while 80 percent of those hiring say it’s difficult to find qualified candidates who have the skills and experience required to properly manage a healthcare network’s cybersecurity.

Earlier this month, Claroty announced that its Claroty xDome will power the operational technology (OT) module built into Deloitte’s expanded Managed Extended Detection and Response (MXDR) offering. The collaboration aims to deliver enterprise, cloud, and OT security operations center (SOC) services and will bring prevention, detection, and response capabilities to business-critical systems and assets across cyber-physical environments.
