In February 2024, Healthcare said the company was suffering from a catastrophic data breaches, and information about over 100 million patients being stolen by hackers suffering from a catastrophic data breaches. Important files were encrypted and ransomed for weeks, causing insurance payments to be crippled.
Now, almost a year later, Change Healthcare's parent company UnitedHealth Group reports that leaked data actually affected 109 million people, making it the largest cyberattack in the industry.
Is the damage magnitude surprising? Not a little.
Healthcare is the industry suffering most from cyberattacks, with around 90% of agencies reporting at least one security breaches in the past few years. In fact, 2024 recorded the highest number of cyberattacks in the industry. This has increased by 300% since 2015.
This trend could get worse this year, with the well-known AI-driven hacking showing no signs of decline. And it's clear to me that the industry is not prepared for this onslaught.
Deepseek's R1 model breakout could throw another spanner at the work, using the model's open source code. Malicious actors can incorporate top-grade cyber features into Arsenal.
Healthcare cyber violations are more consequential than any other cyber. Ransomware and phishing attacks can be a major blow to people's lives. Not only does it block access to important information for practitioners, it also blocks access to critical technologies such as electronic health records and delays critical steps.
Beyond human costs, the financial costs for healthcare providers of these attacks were $9.77 million per violation, 67% higher than the global average, according to an IBM report. And while this cost is often passed on to consumers, 63% of organizations say they will raise prices after surmising data breaches.
The harsh unpreparation of the healthcare industry for the ongoing increase in cyberattacks combined with the great value that industry personal data provides to attackers is a disastrous combination for society and ideal for hackers.
However, the outlook doesn't have to be too dark.
The first and most important thing that the healthcare industry must do right is the acquisition and retention of top-grade cybersecurity talent. This is not an easy feat, as today's cybersecurity sector is seriously underrepresented. But the healthcare industry has a deep pocket. And if you want to move the dial to the problem, you need to dig deeper into them.
Bringing top cybersecurity talent to C-Suite must now be an immediate priority for all healthcare CEOs. And they need to scrutinize experts with a track record of cyber defense across the construction of robust firewalls, intrusion detection systems, regulation compliance, and successful management of active and large-scale cyber seduction.
Healthcare providers should also ensure they are promoting a new talent pipeline within their organization. They need to actively scout for their young software engineering talent. And once they're on board, they need to provide access to mentorship from the most seasoned experts in the cybersecurity field.
The second thing the industry has to do is to distribute patient data as much as possible and give patients the opportunity to store their own sensitive health data on their devices. This dramatically reduces the number of data bulls eyes that are currently wavy in the faces of cybercriminals.
People are skeptical of this. It is to dramatically improve the way the sector operates. But the situation is important, and dramatic and innovative measures are the only way. This technology already exists to do this and, if successful, could prove to be the most effective way to relieve pressure from the industry.
The final solution is to fight fires and deploy the most advanced AI tools at the forefront of cyber defense in the healthcare industry. It corresponds to swimming with weights on the feet, depending on the software's defenses from the 2010s. That doesn't work. The correct deployment of cutting-edge AI defense systems will be a game changer for threat detection speeds and automated response speeds, as well as predictive analytics.
AI tools also provide opportunities to streamline operations, reduce the need for automated roles, and free up capital allocated to attract and maintain top quality frontline talent.
However, note: AI is not a panacea. Just as planes are useless without pilots, AI is ineffective and even dangerous, even if it is not left in the hands of a veteran software engineer who understands its operational processes and shortcomings. Healthcare CEOs need to balance the right amount for maximum effectiveness.
These strategies require high levels of investment from the industry. But the dilemma is easy as providers have already lost millions to cyberattacks, even before they are opened up to potentially large legal costs. The industry can either stay still with the target on your back or start a process that is not currently in the way.
Michael Marcotte is the founder, chairman and CEO of Artius.id.
