This has been a tumultuous year for the medical industry.
Disruptions like the Change Healthcare ransomware attack and the CrowdStrike IT outage highlighted the vulnerabilities of healthcare organizations and showed how such events can have a devastating impact on healthcare operations and put patients at risk. As we look to the future, we must come together as an industry to fix weaknesses and protect our organizations.
An American Hospital Association study found that 94% of U.S. healthcare providers have been affected by the Change Healthcare ransomware attack. This grim statistic shows how cybercriminals can rapidly disrupt entire industries. While the CrowdStrike outage was not a direct security incident, it also highlighted the vulnerabilities of our sector and the need for healthcare to have true business continuity and resiliency plans.
Incidents like this are no longer just an IT problem. The entire industry must protect healthcare operations and patient safety from the devastating effects of these disruptions. A multi-layered approach that prioritizes and invests in cybersecurity and IT resilience is essential to protect patient safety, privacy, and operational integrity.
Here are some areas where healthcare organizations can focus their efforts and resources.
The need for a unified approach
Cyber threats will only continue to increase. We are on track to set a new record for the number of security incidents in healthcare. Nearly 400 data breaches occurred in the first half of this year, with malicious actors targeting vulnerable legacy systems, exploiting third-party vulnerabilities, and leveraging emerging technologies for their own benefit.
For example, generative AI is a double-edged sword. While it strengthens operational and security efforts, we must remain vigilant, as cybercriminals may also use it to accelerate their attacks.
Our industry needs a unified approach against cybercriminals to effectively manage the emerging threat landscape and prevent disruption. This requires stakeholders across the ecosystem to come together, including healthcare providers, payers, vendors, and governments. It is not a relationship between one organization and another. It's about sharing resources and fighting a common enemy.
A cybersecurity incident or misstep is not an opportunity to stand out from the competition. As these events become inevitable, we should all come together and do our best to help in times of need. To face these challenges together, healthcare organizations need a trusted partner, not just a vendor.
We are all in this together. Collaboration can help you secure systems faster, improve incident response and disaster recovery, and get operations back online as quickly as possible so healthcare workers can refocus on patient care and treatment.
Security by design
According to IBM's 2024 Cost of a Data Breach Report, healthcare is the industry most affected by cyberattacks, with the average cost of a data breach reaching nearly $10 million. Financial services ranked second, with data breaches costing $6 million, nearly $4 million less than healthcare.
As the threat landscape evolves, so must the strategies for protecting your systems. Security by design is no longer optional. It is necessary to maintain business operations and continuity.
It is important to incorporate security measures from the beginning of development through implementation, rather than as an afterthought. Vendors must provide solutions that are secure by default, including built-in basic and advanced security protocols such as pre-configured multi-factor authentication.
The importance of business continuity is also demonstrated by the ransomware attack that affected blood donation center OneBlood. Although the attack limited operations and disrupted normal distribution, the nonprofit organization reportedly implemented backup plans immediately and, in cooperation with local hospitals, will continue to provide essential services until operations return to normal.
This unified approach allows stakeholders to support hospitals and health systems and share resources to address and reduce potential vulnerabilities in outdated technology, legacy systems, and medical devices so that threats can be neutralized. As cybersecurity has become a non-negotiable part of the RFP process for healthcare providers, technology vendors and third-party supply chain partners must also collaborate on these issues.
Strategic prioritization
As mentioned earlier, cybersecurity is no longer just an IT issue. The CEO and board play equal roles in ownership of security risks and safeguards.
As cyber-attacks occur with increasing frequency, preparing for them requires knowing your business inside out and understanding the impact at different levels across your organization. What systems are critical to patient safety? What systems can you live without?
CEOs and boards of directors are responsible for setting the culture and tone for how their organizations prioritize managing and responding to these risks. Regular cyber risk assessments, incident response plans, and business impact analyses are critical to business continuity.
This helps prioritize resources to protect mission-critical systems for patient care and surgery. Having a contingency plan in place if your systems go offline for more than a few hours will ensure your organization is prepared, even if it takes days or weeks to get back online.
While recent months have shown us that ransomware and data breaches can have a devastating impact on healthcare, we are on a path that will only get harder before it gets easier. Don't forget that.
We all have a responsibility to protect our patients, and we are pleased that the healthcare industry is taking these issues more seriously than ever before. This is evident in its increased investment, and I encourage continued collaboration and a unified approach to solutions.
Saeed Valian is the Chief Information Security Officer at symplr.