Executive Summary
Claroty, in its 2023 Global Healthcare Cybersecurity Study, unveils unsettling revelations about the state of cybersecurity within the healthcare sector. This independent, global survey involves 1,100 professionals in various roles such as cybersecurity, engineering, IT, and networking. According to the study, 78% of healthcare organizations have experienced at least one cybersecurity incident over the past year, affecting various aspects from IT systems to patient care.
Surge in Cyberattacks: Claroty’s Findings
Claroty’s comprehensive study reveals that a staggering 78% of healthcare organizations have fallen victim to at least one cyber-attack in the last year. The targets are diverse, ranging from IT infrastructure to sensitive data and medical devices. Financial losses were primarily between $100,000 and $1,000,000 USD, with an alarming 26% of organizations having paid ransoms to recover from these attacks.
Detrimental Impact on Patient Care
What stands out in Claroty’s 2023 Global Healthcare Cybersecurity Study is the ripple effect of these cyber incidents on healthcare service delivery. A concerning 60% of respondents cited a moderate to substantial impact, while 15% described severe repercussions that compromised patient health and safety.
The Role of Regulatory Frameworks
According to Claroty’s study, healthcare organizations globally consider the NIST and HITRUST Cybersecurity Frameworks pivotal to their cybersecurity strategy. Mandatory incident reporting is also a critical factor that is shaping how organizations approach cybersecurity.
Recruitment Challenges and Cost-Saving Strategies
Claroty’s report also explores the labor market for cybersecurity experts within the healthcare sector. Although over 70% of organizations are actively hiring, 80% acknowledge the difficulty in finding skilled candidates. However, on a positive note, many see device utilization optimization as a promising avenue for reducing costs.
Conclusion
Claroty’s 2023 Global Healthcare Cybersecurity Study serves as a crucial alarm bell for the healthcare sector. With an increasing number of cyber threats that are becoming more complex and impactful, the study calls for healthcare organizations to significantly reinforce their cybersecurity measures to protect institutional assets and, more importantly, patient health and safety.
*For more in-depth insights, download the full report “The Global Healthcare Cybersecurity Study 2023” from Claroty.*
Note: This news article aims to summarize and contextualize the findings from Claroty’s 2023 Global Healthcare Cybersecurity Study for those interested in the cybersecurity landscape within the healthcare sector.
“This attack further proves that no one should consider themselves safe from being targeted. We live in a world where every organization can and will be breached, and the only solution is to focus on proper operational resiliency, business resiliency, and business continuity. As part of this, visibility and observability into anomalies on the network and the early detection of the digital exhaust from a breach is critical so that an attack can be detected, mediated, and rendered inert before widespread damage ensues. CISA and the NSA don’t just recommend Protective DNS for governments and critical infrastructure — it’s increasingly clear that this is a vital component for every organization and network.”
“With 78% of healthcare operators reporting at least one cybersecurity incident in the past year, this is a full-on battle. Ransomware attacks on healthcare facilities pose a grave threat to public health and safety. These assaults not only shut down delivery of critical medical services, causing delays in essential surgeries and treatments that jeopardize patients’ lives, but they also breach the sanctity of sensitive patient data. The aftermath of such attacks can be catastrophic, leaving hospitals grappling to recover their data and regain control over their systems. Whether the ransom is surrendered or not, the toll in both financial losses and compromised patient care deals a crippling blow to these already strained institutions.
Hospitals and healthcare organizations have a bullseye painted on them in the eyes of cybercriminals. A heavy reliance on technology to manage a huge range of functions, from patient records to surgical equipment, provides a vast attack surface of uniquely susceptible targets. This vulnerability is further exacerbated by their meager resources allocated for bolstering cybersecurity defenses. However, with ransomware showing no sign of abating, it is imperative to invest in countermeasures that can stop these attacks without necessitating a complete shutdown of IT systems and healthcare services. A good Ransomware containment defense and off-site backups are table stakes.”