As digital transformation has continued to drive growth across the healthcare sector via advancements in connected medical devices and clinical workflows, it has also been fueling cybersecurity risks that often outpace the benefits to patients and society as a whole. Healthcare organizations have dealt with unprecedented challenges in the face of these risks in recent years — and new data suggests that the trend has persisted into 2023.
Specifically, to better understand how healthcare organizations are navigating the cybersecurity implications of digital transformation today, Claroty commissioned an independent global survey of 1,100 cybersecurity, engineering, IT, and networking professionals who work full-time in the healthcare sector. The results are now available in our new report, The Global Cybersecurity Study 2023: Priorities and challenges amid escalating cyber-physical connectivity. Highlights include:
On a global basis, at least 78% of respondents experienced a minimum of one cybersecurity incident over the last year.
47% cited at least one incident that affected cyber-physical systems including medical devices and/or building management system devices
The financial ramifications were mainly between the $100,000 – $1,000,000 USD range with 26% reporting paying ransoms.
On a global basis, 51% of respondents reported an increase in their security budgets.
Of their priorities, patching vulnerabilities in medical devices tops the list of gaps to be filled, followed by asset inventory management, and segmentation of medical devices.
More than 70% of organizations are looking to hire; however, 80% of those say finding qualified candidates is difficult.
Respondents point to optimizing device utilization as the biggest opportunity to trim costs.
Regulatory developments, such as mandatory incident reporting, are cited as the most important external factor that influenced organizations’ overall cybersecurity strategy.
Globally, respondents found the NIST and HITRUST Cybersecurity Frameworks to be the most important to their organizations.
Overall, the survey displayed that healthcare organizations are increasingly prioritizing cybersecurity and compliance. However, given the prevalence, variety, and impact of attacks, there are opportunities to strengthen their security programs further to ensure cyber and operational resilience. According to Yaniv Vardi, CEO of Claroty, “The healthcare industry has a lot working against it on the cybersecurity front—a rapidly expanding attack surface, outdated legacy technology, budget constraints and a global cyber talent shortage. Our research shows that healthcare delivery organizations need the full support of the cyber industry and regulatory bodies in order to defend medical devices from mounting threats and protect patient safety.”
Fortunately, as the study reveals, healthcare organizations are on the right track to ensuring cyber and operational resilience with strong security leadership in place, well-rounded security programs implemented, and the adherence to guidelines and frameworks from regulatory bodies. Recognizing there is more work to be done, they are also prioritizing investments in people, processes, and technologies to build resilience further and ensure compliance while delivering uninterrupted, quality care to their patients. Additionally, with the help of a CPS security provider, like Claroty, organizations can gain the tools they need to solve industry challenges and ensure their healthcare environment is protected from emerging cyber threats.
To access the full set of findings and analysis, download the Global Healthcare Cybersecurity Study 2023 here.
Interested in learning about Claroty's Cybersecurity Solutions?