The rising frequency and sophistication of cyberattacks is significantly affecting patient care and operational security within the healthcare sector, as outlined in a recent report by Help Net Security. With over 92% of healthcare organisations experiencing at least one cyberattack in the past year—an increase from 88% in 2023—the need for enhanced cybersecurity measures has never been more pressing. Alarmingly, 69% of these institutions reported disruptions to patient care resulting from these breaches.

Cybersecurity vulnerabilities within the healthcare sector are increasingly being spotlighted, particularly with regard to the use of mobile applications for healthcare services (eHealth). This area has now emerged as the foremost threat, with concerns escalating from 51% to 59% among respondents in 2024. Such applications, while offering convenience and enhanced connectivity, also present significant risks if not adequately secured.

In terms of overall trends, the report indicates that healthcare organisations have been grappling with an unprecedented number of data breaches. Data compiled by The HIPAA Journal reveals that 2021 was a record year for the industry, a trend that showed no signs of abating into 2023, which saw the most data breaches documented to date. More than 133 million records were exposed, underlining the gravity of the situation.

Despite these challenges, the US healthcare industry’s average security rating stood at a surprising 88, though it indicates significant room for improvement. Organisations with a ‘B’ rating are 2.9 times more likely to suffer from data breaches than those achieving an ‘A’ rating. Furthermore, third-party breaches accounted for 35% of cyber incidents within healthcare, evidently outstripping breaches faced by other sectors.

The volume of sensitive data handled by healthcare organisations poses concerns; the average entity manages over 42 million sensitive records—50% more than the global average of 28 million. In fact, the amount of sensitive data in the healthcare sector surged by over 63% in 2023, significantly exceeding growth rates observed in other industries.

Moreover, the potential risks related to medical devices cannot be overlooked. Reports show that 63% of known exploited vulnerabilities tracked by CISA are present on healthcare networks. Alarmingly, 23% of medical devices—ranging from imaging devices and clinical IoT to surgical instruments—are known to have at least one exploited vulnerability. Such vulnerabilities can lead to dire consequences, threatening not just data integrity but also patient safety.

As healthcare organisations continue to integrate advanced technologies, including artificial intelligence (AI), they must remain vigilant about the accompanying security and privacy challenges. The storage and handling of Protected Health Information (PHI) and sensitive patient data necessitate robust cybersecurity measures, as these organisations become increasingly attractive targets for cybercriminals. The implications for uninterrupted patient care and the safeguarding of sensitive information can therefore be profound.

Source: Noah Wire Services