A recent report by Claroty sheds light on the concerning state of cybersecurity within healthcare organizations globally. Approximately 78% of healthcare entities across North America, South America, the APAC region, and Europe faced cyberattacks in the past year, according to the study.
Polling over 1,100 professionals in cybersecurity, IT, engineering, and networks within the healthcare sector, the report underscores the significant impact of these attacks on IT systems, sensitive data, medical devices, and management systems.
The survey revealed that while 42% of incidents impacted IT systems, other critical assets were also affected, such as protected health information (PHI) data (30%), medical devices (30%), and building management systems (27%).
Among the respondents whose organizations experienced cyberattacks, 60% reported varying degrees of impact on care delivery, while 15% suffered severe consequences for patient health and safety. The survey also highlighted that a majority of healthcare organizations (78%) have established clear leadership for medical device security, typically under IT security departments, and over half have increased their security budgets.
The cybersecurity programs implemented cover a wide range of assets, including sensitive data, IT systems, medical devices, building management systems, and other internet-connected components.
The financial repercussions of these cyber incidents were substantial, with 43% of respondents estimating costs between $100,000 and $1 million, and 24% indicating costs ranging from $1 million to $10 million.
Shockingly, around 26% admitted to paying a ransom, further amplifying the financial burden. The study also highlighted the prevalent concern among respondents regarding cyberattacks, with more than 60% expressing worry about their organizations being targeted.
Despite these challenges, the survey revealed that many organizations still need to enhance their cybersecurity strategies and vulnerability management, with 38% operating at or below basic levels of network segmentation. The report concluded that while healthcare entities strive to improve their security processes, the lack of budget and difficulty in finding qualified cybersecurity candidates remain significant obstacles.