80% of healthcare firms hit by cyber attacks

Nearly 80% (78%) of healthcare organisations experienced a cyber attack in the past year, according to a new study by cyber security firm Claroty.

The report – Global Healthcare Cybersecurity Study 2023 – surveyed 1,100 cyber security, engineering, IT, and networking professionals from healthcare organisations worldwide.

According to the findings, almost half (47%) of healthcare organisations cited at least one cyber attack affecting systems including medical devices and building management systems, and 30% said the attacks compromised sensitive data.

Additionally, more than 60% of organisations said that the cyber attacks impacted patient care, of which 15% rated the impact ‘severe’ – just two months ago HCA Healthcare’s data breach leaked around 11 million patients’ data.

Of the respondents that were victims of ransomware attacks, Claroty’s study found that more than a quarter made payments, and in the past year a third of healthcare organisations that experienced a cyber attack incurred costs of more than $1 million.

According to Yaniv Vardi, CEO of Claroty, the healthcare industry has a lot working against it on the cybersecurity front – “a rapidly expanding attack surface, outdated legacy technology, budget constraints and a global cyber talent shortage.”

The study suggested that more than 70% of healthcare organisations are looking to hire cyber security roles, and 80% of these organisations are finding it difficult to source qualified candidates that have the skills and experience to manage a healthcare network’s cybersecurity.

Vardi said it’s clear that healthcare organisations need more support from the cyber industry and regulatory bodies to defend medical devices from threats.

Nearly 30% of healthcare organisations said current government policies and regulations require improvement or do nothing to prevent a cyber attack.

Almost half (44%) of organisations also cited regulatory developments such as mandated incident reporting as the most influential external factor to an organisation’s overall security strategy – something that governments may need to consider.

Despite these gaps, 59% of healthcare firms on a global basis and 79% in South America said their security has improved, citing technology solutions as the key contributing factor, followed by budget.

Following a cyber attack just over half (52%) of respondents reported an increase in their security funds.

In May this year a new advisory council was formed to help combat the growing security challenges.

To read about other healthtech news, click here.