Healthcare Cybersecurity: Growing Issue Needing Quick Action


The 10th annual Black Book Research State of the Healthcare Cybersecurity Industry report draws on insights from 2,797 CISOs, CIOs, data security professionals, and patient data privacy professionals assessing user satisfaction with more than 400 software, service, and consulting firms. In addition, 1,959 healthcare consumers were polled to add external perceptions of, and confidence in, their providers' and payers' efforts to protect consumer and organizational data.

Another Black Book survey of hospitals and physician practices, conducted in Q3 2023, cautioned that many cybersecurity solutions acquired before 2023 may now be outdated and therefore ineffective against the hacks and breaches that may be encountered in 2024.

This poses a serious threat to marginally performing providers, which may close down because of the financial strain and reputational damage caused by cybersecurity incidents. In addition, the widespread use of remote access systems, dependence on third-party IT solution providers, and the growth in virtual patient consultations create more vulnerabilities, allowing cyberattacks to make inroads into healthcare technology platforms.

In 2022, the average ransom payment was under $6,000. By 2023, there had been a 25,000% surge, with average payments rising to almost $1.5 million. This rise in profits enabled ransomware groups to broaden their operations, pay initial access brokers, and acquire zero-day vulnerabilities, enabling more attacks.

Consequently, the healthcare cybersecurity vendor and advisory market is set to experience substantial growth, with provider and payer IT professionals planning strategic funding exceeding $140 billion by 2025. This growth is driven by the rising number of cyberattacks targeting health systems and payers throughout the first two quarters of 2024.

Notably, ransomware attacks on U.S. healthcare providers cost a staggering $28.2 billion in 2022, whereas security breaches alone cost healthcare companies a massive $7.3 trillion by the end of Q3 2023.

2023 saw a marked surge in ransomware attacks targeting the healthcare sector: 46 hospital systems fell victim to such attacks, a notable increase from 25 in 2022 and 27 a year before that.

These attacks directly affected at least 141 hospitals, leading to disruptions because of patient unavailability as well as IT systems.

Reportedly, the average cost of a healthcare data breach reached an all-time high in 2023: $11 million, a rise of 53% since 2020. Notably, 33 of the 46 attacks on health systems resulted in the theft of sensitive data, including health information.

Reportedly, documented data breaches within medical practices and physician groups grew 72% from 2019 to 2022, with hospitals and health systems experiencing a 59% surge over the same period. In addition, 82% of IT managers reported numerous ransomware hits on their organizations in 2023 alone.

The 2024 ransomware attack on Change Healthcare, which is owned by UnitedHealth Group, has caused a loss of $872 million. Change Healthcare, along with UHG subsidiary Optum, took hundreds of providers offline because of the incident. Both also faced criticism from the White House and Congress over their handling of the ransomware attack.

The Black Book study states that healthcare breaches cost an average of $697 per record, the highest figure across sectors for a decade. This amount is over four times the cross-sector average, highlighting the significance of data security in the provider and payer sectors.

According to Doug Brown, President of Black Book Research, the consequences of the recent ransom attack on the nation's largest clearinghouse vendor go beyond disrupting claims processing; the attack disrupts processes that are essential for maintaining patient care. Such tangible effects on human health highlight the urgent need for comprehensive cybersecurity measures throughout the entire healthcare sector.

In another survey of healthcare consumers, 91% expressed heightened anxiety about external entities' possible misuse of health information.

Current security risks have also left 79% of consumers reluctant to share health data electronically because of privacy concerns. Consumer confidence in medical organizations' compliance with HIPAA guidelines and data privacy is very low, with just 8% having a high level of confidence.

Moreover, 97% of healthcare consumers harbor some level of skepticism about the efficacy of current government regulations in safeguarding health data. 22% of consumers would consider switching providers for data privacy protection if they were able to compare or verify the providers' respective data protection technologies.

It is estimated that 90% of chief information security officers (CISOs) believe that software and service vendors fail to adequately address cybersecurity processes, hindering user improvement for healthcare sector clients.

Among IT professionals within health plans, 86% agree that data attackers are outpacing organizations, keeping payers at a continued disadvantage in responding to vulnerabilities throughout 2024.

According to Doug Brown, president of Black Book™, most health system CISOs and CIOs are compelled to embrace next-generation cybersecurity tools and solutions to safeguard their organizations' data and maintain their financial viability.

The sector faces a growing threat spectrum, including ransomware, malware, breached records, patient privacy concerns, phishing attacks, and cyber threats, specifically due to the rising adoption of telehealth, remote patient monitoring, etc.