Nearly 80% (78%) of healthcare organisations experienced a cyber attack in the past year, according to a new study by cyber security firm Claroty.
The report – Global Healthcare Cybersecurity Study 2023 – surveyed 1,100 cyber security, engineering, IT, and networking professionals from healthcare organisations worldwide.
According to the findings, almost half (47%) of healthcare organisations cited at least one cyber attack affecting systems including medical devices and building management systems, and 30% said the attacks compromised sensitive data.
Additionally, more than 60% of organisations said that the cyber attacks impacted patient care, of which 15% rated the impact ‘severe’ – just two months ago HCA Healthcare’s data breach leaked around 11 million patients’ data.
Of the respondents that were victims of ransomware attacks, Claroty’s study found that more than a quarter made payments, and in the past year a third of healthcare organisations that experienced a cyber attack incurred costs of more than $1 million.
According to Yaniv Vardi, CEO of Claroty, the healthcare industry has a lot working against it on the cybersecurity front – “a rapidly expanding attack surface, outdated legacy technology, budget constraints and a global cyber talent shortage.”
The study suggested that more than 70% of healthcare organisations are looking to hire cyber security roles, and 80% of these organisations are finding it difficult to source qualified candidates that have the skills and experience to manage a healthcare network’s cybersecurity.
Vardi said it’s clear that healthcare organisations need more support from the cyber industry and regulatory bodies to defend medical devices from threats.
Nearly 30% of healthcare organisations said current government policies and regulations require improvement or do nothing to prevent a cyber attack.
Almost half (44%) of organisations also cited regulatory developments such as mandated incident reporting as the most influential external factor to an organisation’s overall security strategy – something that governments may need to consider.
Despite these gaps, 59% of healthcare firms on a global basis and 79% in South America said their security has improved, citing technology solutions as the key contributing factor, followed by budget.
Following a cyber attack just over half (52%) of respondents reported an increase in their security funds.
In May this year a new advisory council was formed to help combat the growing security challenges.
To read about other healthtech news, click here.
