10 key trends and statistics in healthcare cybersecurity for 2023

As the integration of digital tools becomes more embedded in daily medical practices, the line between technology and healthcare blurs, bringing new challenges to the forefront. This blog explores 10 key trends and statistics in healthcare cybersecurity for 2023.

From the rise of remote patient monitoring to an alarming increase in ransomware attacks, we delve into the challenges, changes, and champions of cybersecurity in healthcare in 2023. Prepare to gain invaluable insights that will redefine your perspective on this vital issue.

Remote care and devices

Remote patient care or monitoring (RPM), utilizing smart devices, is expected to increase in 2023, as more patients prefer convenience and safety over in-person visits.

This also means an increase in remote devices that connect to healthcare networks, such as wearables, sensors, tablets, and smartphones.

These devices pose a significant risk to healthcare cybersecurity, as they may not have adequate security measures or updates, and may be compromised by hackers or malware.

Expanding attack surface

The healthcare sector has an expanding attack surface, as it relies on various technologies and systems, such as electronic health records (EHRs), cloud services, medical devices, telehealth platforms, and mobile applications.

These technologies and systems may have vulnerabilities that can be exploited by cybercriminals, such as weak passwords, misconfigurations, outdated software, or human errors.

The healthcare sector also has a large amount of sensitive data, such as personal health information (PHI), financial information, and research data, that can be stolen or encrypted by hackers for ransom or extortion.

Single point of digital security responsibility

The rise of the chief information officer (CIO) or chief information security officer (CISO) is expected in 2023, as healthcare organizations need a single point of digital security responsibility to oversee and coordinate their cybersecurity efforts.

The CIO or CISO will be responsible for developing and implementing a comprehensive cybersecurity strategy, managing the cybersecurity budget and resources, ensuring compliance with regulations and standards, and communicating with stakeholders and partners.

The CIO or CISO will also need to collaborate with other executives and departments, such as the chief medical officer (CMO), the chief financial officer (CFO), the legal team, the IT team, and the clinical staff.

Increase in managed and hosted services

The increase in managed and hosted services is expected in 2023, as healthcare organizations seek to outsource some of their cybersecurity functions to third-party providers or cloud-based platforms.

This can help healthcare organizations reduce their operational costs, improve their efficiency and scalability, access specialized expertise and tools, and focus on their core competencies.

However, this also introduces new challenges and risks, such as ensuring the security and privacy of the data stored or processed by third-party providers or cloud-based platforms, managing the contracts and service level agreements (SLAs), and monitoring the performance and compliance of the vendors.

Growth of zero trust security

The growth of zero trust security is expected in 2023, as healthcare organizations adopt a more proactive and preventive approach to cybersecurity that assumes no trust for any user, device, or network.

Zero trust security involves implementing multiple layers of security controls and verification mechanisms, such as multifactor authentication (MFA), encryption, segmentation, micro-perimeters, identity and access management (IAM), endpoint detection and response (EDR), and continuous monitoring.

Zero trust security can help healthcare organizations reduce their attack surface, prevent unauthorized access or data breaches, enhance their visibility and auditability, and comply with regulations and standards.

Ransomware attacks

Ransomware attacks are one of the most common and devastating cyber threats to the healthcare sector. They involve encrypting the data or systems of the victims and demanding a ransom for their decryption.

According to the Malwarebytes Threat Intelligence team, there were 1,900 total ransomware attacks within just four countries (the US, Germany, France, and the UK) in one year from July 2022 to June 2023.

According to the Health Sector Cybersecurity Coordination Center (HC3), ransomware attacks often target EHR systems, backup servers, and cloud storage providers, as they contain critical data that can disrupt patient care or operations if inaccessible.

Data breaches

Data breaches are another common cyber threat to the healthcare sector. They involve exposing or stealing the data of the victims without their consent or knowledge.

According to Health IT Security, several healthcare data breaches have occurred as a result of a cyberattack on MOVEit Transfer, a secure file transfer service used by many healthcare organizations. Some of the incidents and the number of patients affected are:

  • Harris Health Systems: 224,700 patients
  • University of Florida Health: 1.4 million patients
  • University of Maryland Medical System: 189,000 patients
  • University of Vermont Health Network: 72,000 patients

Negative patient outcomes

Cyberattacks can have negative impacts on patient outcomes, such as delayed procedures and tests, increased complications from medical procedures, misdiagnosis, medication errors, or even death.

According to a 2022 study, 57 percent of surveyed providers reported negative patient outcomes as a result of cyberattacks, and 50 percent reported increased complications from medical procedures.

Cyberattacks can also affect patient trust and satisfaction, as 80 percent of patients said they would switch providers if their data was compromised, and 50 percent said they would avoid seeking care from providers that had experienced a cyberattack.

Regulatory compliance and legal liability

Cyberattacks can also have legal and regulatory implications for healthcare organizations, such as fines, penalties, lawsuits, or reputational damage.

Healthcare organizations face various regulations and standards that aim to protect the security and privacy of their data, such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the NIST Cybersecurity Framework.

Healthcare organizations can also be held liable for cyberattacks that affect their patients or partners, such as breach of contract, negligence, breach of fiduciary duty, or violation of consumer protection laws.

Potential impact on quality of care

Cyberattacks can also have an impact on the quality of care that healthcare organizations provide to their patients, such as reducing their efficiency, productivity, innovation, or competitiveness.

Cyberattacks can disrupt the availability and reliability of healthcare technologies and systems, such as EHRs, telehealth platforms, medical devices, or cloud services, that are essential for delivering timely and accurate care to patients.

Cyberattacks can also hinder the research and development of new treatments or vaccines, which require large amounts of data and collaboration among healthcare organizations.