Cybersecurity is the news trend that just won’t stop trending. In the past couple of weeks, T-Mobile announced there was a breach and some unauthorized access occurred, although the extent to which it occurred is still under investigation. All industries are at risk, but some seem to be more affected than others. Healthcare, unfortunately, has been taking a cyberthreat beating since the pandemic began in early 2020, and the trend doesn’t seem to be over so far in 2021.
In June, HHS (the U.S. Dept. of Health and Human Services) released its Ransomware Trends 2021 report, which revealed that of the 82 global ransomware incidents in the healthcare sector between January and mid-May 2021, 48 of these incidents impacted the U.S.’s health sector. That’s about 60% affecting the U.S., with the other 40% affecting the rest of the world. California was the U.S. state with the highest number of ransomware-in-healthcare incidents during the first half of 2021, followed by Texas, Georgia, Illinois, and Louisiana. Health and medical clinics bore the brunt of the impact, followed by the healthcare industry services sector, hospitals, pharmaceutical, and elderly care.
These incidents are costly, to say the least. IBM released survey results in July saying that data breaches across all industries cost companies $4.24 million per incident on average, and IBM says that’s the highest it’s been during the company’s 17-year report history. In healthcare, IBM’s data says breach costs surged. Healthcare breaches cost the most compared to other industries represented in the survey at $9.23 million per incident—a $2 million increase over the previous year.
A new joint report from CyberMDX, a cybersecurity provider for IoT (Internet of Things) and medical devices, and Philips suggests healthcare organizations are facing an unprecedented level of cybersecurity challenges, and the cybersecurity reality in hospitals doesn’t align with perception. The research suggests ransomware is a force to be reckoned with, and almost half (48%) of hospital executives reported a shutdown in the past six months (including both forced and proactive shutdowns) due to external attacks or queries. Of those that had shut down because of external factors, mid-sized hospitals averaged nearly 10 hours of shutdown time, costing them $45,700 per hour, while larger hospitals reported an average shutdown time of 6.2 hours, costing $21,500 per hour.
Unfortunately, only about one in 10 respondents (11%) in the CyberMDX survey categorized cybersecurity as a high-priority spending category. More than half (52%) admit their hospitals aren’t protected against known vulnerabilities like Bluekeep, WannaCry, and NotPetya. And hospitals are not using the technologies they could be using to strengthen their cybersecurity. For instance, the study found 65% of hospital IT teams rely on manual methods for inventory calculations, and 13-15% (depending on the size of the hospital) say they have no way of determining the number of active or inactive devices within their networks.
No organization wants to face a breach, but hospitals and other players in the healthcare industry are particularly vulnerable because of their role in caring for patients and keeping patients’ sensitive health data safe. Cyber criminals are perfectly aware of where they can do the most damage, though, and therefore it’s beyond important for the healthcare sector to do better in protecting itself from cyber threats. It’s clear that attacks are happening and that they’re costly in more than one way, but the research also shows that hospitals and other healthcare organizations aren’t investing in cybersecurity like they should be. What kind of wake-up call will it take?
Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #digitaltransformation #machinelearning #infrastructure #cybersecurity #healthcare #hospitals #ransomware #cyberthreats