Irfan Shakeel, VP of Training and Certification Services, OPSWAT
Cyberattacks on the healthcare industry will continue to increase: The healthcare industry is most vulnerable to cyberattacks, which makes it a lucrative target for cybercriminals; attacks on the healthcare industry have grown significantly in 2022, and attacks will even go further in 2023. According to IBM, healthcare breaches cost the most at $9.23 million per incident. And, most importantly, cyberattacks not only affect human lives directly—they also impact patients’ mental well-being.
Additionally, according to a recent SANS and OPSWAT report, “State of ICS/OT Cybersecurity in 2022 and Beyond,” 26% of respondents reported that the healthcare and public health sector is likely to experience a successful ICS compromise with impacts on safe and reliable operations. Lastly, with healthcare staff generally unaware of the extent of cyber risks and best practices, educating them is of vital importance to protect the healthcare industry from cyberattacks.
Anura Fernando, Global Head of Medical Device Security at UL Solutions
When we look back on 2023, healthcare will be the most attacked sector in the global economy. Recent Statista research revealed that the healthcare industry was the second-most attacked industry vertical from November 2020 to October 2021, trailing only financial services. Ensuing Q3 2022 research from security firm Check Point revealed a 60% YoY increase in attacks in healthcare, to a total of 1,426 attacks per week. Unfortunately, as more and more health systems adopt digital and connected technologies, I expect that 2023 will be the year we see attacks against the healthcare industry rise to the top of the global industry landscape, further hampering digital transformation initiatives across the industry.
Jennifer Conner, Sr. Director of Pharma/Healthcare, Icertis
The healthcare industry must build trust with patients given cybersecurity concerns and heightened awareness of patient data protection. Heightened concern around data protection will lead to new terms and protections in contracts related to data breaches and data use agreements. Organizations will need solutions that are not only ultra-secure, but ensure the intent of each contract is memorialized so that patients are protected.
George Prichici, VP Products, OPSWAT
Cyberattacks on the healthcare industry will have direct, fatal outcomes: In the case of most cyberattacks, profit is the motive and the aim is rarely to kill. Killing is an unfortunate side-effect of the problem – such as high-stakes situations where hackers take control for ransom thinking most hospitals will comply to save lives. For instance, a major US hospital system – CommonSpirit Health – recently suffered a ransomware cyberattack—and a 3-year-old was given a fatally large dose of pain medication as a result.
However, a lack of defined response, or coordinated and up-to-date protocols, leads to mistakes, including ransom not paid in time or no disaster recovery or backup in place. Whatever the reason, small mistakes have deadly consequences in healthcare – even if organizations are willing to pay the ransom. They also have to think about violations of data privacy regulations and repercussions.
That is why zero-trust is so important for healthcare, as well as having a solid response plan in place for recovery/backup (similar to generators for a power outage), so that operations don’t get stopped mid-way.
Jon Moore, Chief Risk Officer | SVP Professional Services at Clearwater
Digital transformation gives healthcare providers quick access to more comprehensive and higher-quality data, resulting in better and more efficient decision-making. This is essential for us to realize the goals of improved patient care and safety while simultaneously reducing costs. However, with this innovation comes new security and privacy challenges that organizations must solve. The volume and sophistication of cyber-attacks targeting the healthcare industry grow every day, and as digital transformation progresses, organizations must understand that defending against these increasing threats requires adopting a mindset of continuous risk management. Recognizing this need, in 2023 we’ll begin seeing more dynamic approaches to cybersecurity, allowing organizations to become more agile in identifying and treating risks, recognizing and responding to events, and managing and recovering from incidents.