Cybersecurity budgets are rising – but attack disruptions are too

In its third one year, healthcare cybersecurity research conducted by Ponemon Institute and Proofpoint aimed to search out out whether or now no longer the healthcare industry seen progress in retaining care birth within the face of 4 kinds of pervasive cyberattacks – cloud compromise, provide chain, ransomware and replace-e-mail compromise.

While respondents figured out that attacks had an immediate negative impact on affected person safety, fewer acknowledged that they didn’t agree with enough finances to red meat up cybersecurity posture, representing a 7% decrease in that metric from last one year’s outcomes. On the opposite hand, the number citing a lack of security leadership increased drastically since 2023 – from 14% to 49%.

“The top recordsdata, alternatively, is the healthcare industry appears to be to extra and extra watch the significance cybersecurity performs in affected person outcomes; on moderate, IT budgets agree with increased, and fewer IT practitioners enlighten that finances is a pickle in conserving their organization’s cybersecurity posture from being completely efficient,” acknowledged Larry Ponemon, chairman and founding father of the Ponemon Institute, acknowledged in a statement.

The frequent annual finances is up 12% one year-over-one year, and IT budgets agree with increased to a median of $66 million, per the document.

WHY IT MATTERS

For the mute document, Cyber Insecurity in Healthcare: The Cost and Affect on Affected person Safety and Care 2024, researchers surveyed 648 IT and IT security experts at U.S. healthcare organizations and figured out that 92% skilled now no longer now no longer as much as one cyberattack within the previous one year, up from 88% within the old one year.

The frequent series of cyberattacks that organizations acknowledged they skilled became once 40. When requested to estimate the single most costly cyberattack within the last one year, the frequent total value became once extra than $4.7 million – a 5% decrease from last one year.

Most healthcare organizations that skilled replace-e-mail compromise (69%) and ransomware (61%) reported delays in procedures and assessments, the researchers acknowledged. Longer lengths of stays, increased complications, affected person diversions and increases in mortality charges were moreover cited besides-known impacts one day of all kinds of cyberattacks analyzed. 

By manner of provide chain attacks, 68% of respondents acknowledged their organizations skilled now no longer now no longer as much as one, and 82% of these organizations reported affected person-care disruptions, up 5% over last one year. 

Of show, respondents’ concerns over petrified cell apps agree with increased to 59%, up from 51% in 2023, falling on the back of petrified scientific devices (64%) and sooner than cloud compromises (57%) and employee errors (58%).

For the 36% of respondents that acknowledged their organizations paid ransomware – 7% fewer this one year than last one year – payouts spiked 10%, to a median of $1.1 million. Final one year’s be taught figured out that ransomware’s most prevalent impact on life became once an amplify within the series of patients transferred or diverted to varied facilities, reported by 70% of these surveyed, up from 65% in 2022. 

For this one year’s be taught, researchers checked out the impact of synthetic intelligence for the first time. More than half of (54%) of respondents acknowledged their organizations agree with embedded AI in cybersecurity (28%), and 57% acknowledged AI is terribly efficient in bettering organizations’ cybersecurity posture.

THE LARGER TREND

When the institute figured out a hyperlink between ransomware and increased affected person mortality in 2021, many healthcare leaders called it an pressing serious warning call for the industry to noticeably change its cybersecurity and third-occasion-likelihood programs.

Records loss and exfiltration are aloof having an impact on affected person mortality and continue to be a pickle. Some 92% of the institute’s respondents this one year acknowledged that they had now no longer now no longer as much as 2 at ease records-loss incidents precise by means of the last two years. More than half of of these (51%) acknowledged there were affected person care disruptions that increased their organizations’ mortality charges.

Final one year, the institute checked out benchmarking factors in likelihood-mitigation resourcing, cherish staffing investments in increasing third-occasion-likelihood oversight and funding for mute cyber preparedness technologies. By November, suppliers reported well-known IT finances increases for 2024.

ON THE RECORD

“By some distance, within the previous two years the most cyberattacks alive to cloud-essentially essentially based individual accounts,” acknowledged Ponemon researchers. “Textual advise material messaging and e-mail were the two most attacked cloud-essentially essentially based individual accounts/collaboration tools.”

“An efficient cybersecurity methodology centered around stopping human-targeted attacks is crucial for healthcare institutions, now no longer correct to guard confidential affected person records but moreover to preserve the top doable quality of sanatorium treatment,” acknowledged Ryan Witt, chair of the Healthcare Buyer Advisory Board at Proofpoint, in a statement.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media newsletter.

The HIMSS Healthcare Cybersecurity Discussion board is scheduled to happen October 31-November 1 in Washington, D.C. Learn extra and register.