As per a recent insight, a significant 78% of healthcare organizations worldwide encountered at least one cybersecurity incident within the past year. This study involved interviews with 1,100 cybersecurity professionals from healthcare institutions spanning Europe, North America, South America, and Asia. These experts shared insights into the repercussions of cyber incidents on healthcare facilities.
Among those healthcare organizations affected, 61% reported that these incidents had a notable impact on the delivery of care. Moreover, an additional 15% stated that these incidents had severe consequences on patient health and safety globally.
In approximately 30% of these global incidents, only IT systems suffered the brunt of the attacks. However, in another 30% of cases, critical medical devices such as MRIs and infusion pumps fell victim to cyber incidents, potentially endangering patient care.
Furthermore, 27% of these incidents targeted Building Management System (BMS) devices, including elevators, ventilation controllers, and security cameras, thereby escalating infrastructure vulnerabilities and potentially causing delays in life-saving medical treatment.
Personal health insurance information and sensitive data were compromised in 30% of cases, posing increased cybersecurity risks to both patients and staff.
Within healthcare cybersecurity, leaders expressed their primary concerns as ransomware (43%), insider threats (43%), supply chain attacks (41%), and Denial of Service (DoS) attacks (41%). This growing concern aligns with the surge in connected devices resulting from digital transformation, which increases the vulnerability of medical devices to cyber threats when not properly secured.
Globally, the report found that 38% of organizations had only basic network segmentation or none at all, exposing them to significant risks. In Europe, 57% of organizations claimed to have proactive vulnerability management strategies for medical devices, while 5% had none in place, and 12% adopted a reactive approach.
Encouragingly, cybersecurity is gaining prominence in healthcare organizations, with 54% of European institutions reporting an increased security budget over the past year. This is in line with European organizations identifying “lack of overall budget” as a top gap in their threat preparedness.
A majority of European organizations (58%) reported that their security posture had improved in the past year, with only 18% noting a decline and 23% indicating no change. Looking forward, European respondents expressed a desire for their organizations to focus on identifying vulnerabilities (22%), employee training (18%), and monitoring network traffic and device behavior (16%) to enhance their cybersecurity efforts.
Notably, 78% of respondents highlighted that their most significant gap in defenses pertains to patching vulnerabilities in medical devices. There is a huge need for comprehensive support from the cyber industry and regulatory bodies to protect medical devices and ensure patient safety within the healthcare sector.