Unveiling the true cost of healthcare cybersecurity incidents

As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity breach in healthcare are not only measured in compromised data but also in jeopardized patient safety and trust.

In this article, you will find excerpts from cybersecurity-focused surveys conducted in the healthcare sector we covered in 2023. By utilizing this data, your security team will acquire insights that can contribute to the improvement of future security strategies.

Healthcare’s road to redefining cybersecurity with modern solutions

The overall number of ransomware attacks against healthcare organizations surveyed declined from 66% in 2022 to 60% this year. Compromised credentials were the number one root cause of ransomware attacks against healthcare organizations, followed by exploits.

Cyberattacks on healthcare organizations affect patient care

The average total cost of a cyberattack experienced by healthcare organizations was $4.99 million, a 13% increase from the previous year. Among the organizations that suffered the four most common types of attacks—cloud compromise, ransomware, supply chain, and BEC — an average of 66% reported disruption to patient care.

Rising cyber incidents challenge healthcare organizations

Healthcare organizations are facing many cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance, according to Claroty. Threat actors are not only targeting IT systems, but have now set their sights on cyber-physical systems – from IoMT devices, to building management systems such as elevators and HVAC systems – which are considered critical to maintain a safe environment for patient care.

Healthcare organizations in the crosshairs of cyberattackers

While the healthcare industry is not alone in facing an elevated threat landscape, the consequences of attacks in this sector can be severe, even fatal. Adversaries are highly motivated by financial gains and continuously refine their techniques to surpass existing defenses.

Connected medical devices are the Achilles’ heel of healthcare orgs

53% of healthcare IT staff rate the cybersecurity threat level in the industry as high or extreme, yet many healthcare organizations are not taking the necessary steps to protect medical IoT devices. Alarmingly, 57% do not always change the default username and password for each new connected medical device that is put into use.