Healthcare Hit Highest Monetarily In Terms of Cyberattacks


The healthcare industry has become the prime target for cybercriminals because of the massive amount of sensitive patient data it holds and the criticality of its functions.

The sector has been rapidly adopting digital technologies such as electronic health records (EHRs), telemedicine, and Internet of Things (IoT) devices. While these technologies bring numerous benefits, they also broaden the attack surface, offering more entry points for cybercriminals.

Last year, apparently for the 13th year in a row, the healthcare sector reported the costliest data breaches, at an average cost of $10.93 million. That is approximately double that of the financial industry, which came in second with an average cost of $5.9 million. Safeguarding these digital assets is essential to maintaining the confidentiality, integrity, and availability of patient data.

Modern healthcare systems and cyber resilience

Modern healthcare depends on interconnected systems and networks for the efficient delivery of services. Because these systems are interconnected, a security breach in one part of the network can potentially compromise the overall healthcare infrastructure. Cyber resilience is therefore essential for maintaining continuity of operations and preventing cascading failures. Cyberattacks on healthcare systems can also have direct implications for patient safety.

Disruption of critical healthcare services, manipulation of medical records, or unauthorized access to medical devices can put patient lives at risk. Cyber resilience measures are therefore a must to safeguard patient safety and prevent harm.

However, cyberattacks are also existential risks to healthcare organizations. This was demonstrated in June last year, when St. Margaret’s Hospital in the US became the first healthcare institution to permanently shut down operations due, in part, to the fallout from a ransomware attack. In the same month, HCA Healthcare, which operates 180 hospitals and 2,300 ambulatory sites, was breached, affecting almost 11 million patients.

Between January 2020 and February 2021, of the 293 breaches known to have exposed health records, 57.34% of the affected organizations publicly disclosed the total number of records exposed. The number of records exposed during this period totaled almost 106 million. So, not taking duplicates into account, the equivalent of 1 in every 3 Americans may have had their health record breached in the 14 months analyzed.

In 2015, Anthem Inc. disclosed that hackers had stolen 79 million records containing patient and employee data. The compromised data included names, addresses, birth dates, Social Security numbers, insurance membership numbers, medical IDs, income data, and employment information. Anthem faced several civil class-action lawsuits, which were settled in 2017 at a cost of $115 million.

Healthcare providers hold a position of trust in society. The extraordinary sensitivity of the data and the high public expectations of the sector mean that any compromise of patient data, or even disruption of services, erodes this trust and can damage the reputation of healthcare organizations. Cyber resilience is essential to maintaining patients’ confidence as well as the faith of partners and the public.

The convergence of growing cyber threats, healthcare digitization, safety concerns, regulatory requirements, interconnected systems, patient financial implications, and the importance of maintaining public trust collectively highlights the critical need for cyber resilience in the healthcare sector.

Why sector-wide cyber resilience holds the key

Given the importance, scale, and interconnectedness of the healthcare industry, it is clear that no single organization or government entity can tackle cybersecurity single-handedly. A collaborative and systemic approach holds the key: cyber resilience must be viewed beyond the confines of any one organization.

Public and private sector collaboration is critical to building cyber resilience in the healthcare industry. Adopting a systemic approach to cybersecurity involves recognizing that the healthcare ecosystem is an interconnected network of organizations, technologies, and individuals. Building cyber resilience requires not only safeguarding individual entities but also ensuring that the overall ecosystem is strong enough to withstand and recover from cyber incidents.

Throughout the Cyber Insecurity, Analyzed workshop at the 2024 Annual Meeting in Davos, leaders focused on three significant priorities: educating boards and engaging leadership on the significance of cyber resilience; creating relationships and communities between organizations to secure the ecosystem; and developing a sector playbook of shared practices among varied stakeholders.

These findings are relevant to the healthcare industry and, in a way, contribute directly to making it more cyber-resilient.

However, resources to bolster cybersecurity are available across other industries, too. The Cyber Resilience Initiative from the World Economic Forum elevates resilience across industries by:

  • Creating awareness among leaders: Educating decision-makers and raising their awareness to reinforce the importance of cybersecurity as a strategic priority.
  • Mobilizing action to safeguard the digital transformation: Fostering discussions to mobilize action and commitment that enable a safe and resilient digital transformation of industries.
  • Developing thought leadership, tools, and capabilities: Generating insights, capacities, and tools to embed cybersecurity in line with strategic trends and best practices.