The Global State of CPS Security 2024: Business Impact of Disruptions
Get the Survey Report
Claroty Toggle Search

Press Release

78% of Healthcare Organizations Experienced Cyber Incidents in Past Year, 60% of Which Impacted Patient Care

Claroty’s Global Healthcare Cybersecurity Study 2023 reveals priorities and challenges amid escalating cyber-physical connectivity

NEW YORK – August 29, 2023 – Claroty, the cyber-physical systems protection company, today announced the release of the Global Healthcare Cybersecurity Study 2023, a survey of 1,100 cybersecurity, engineering, IT, and networking professionals from healthcare organizations. The study explores their experience with cybersecurity incidents over the past year, the state of their security programs, and future priorities.

The survey’s findings show that healthcare organizations are facing myriad cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance. According to the study: 

  • 78% of respondents experienced a minimum of one cybersecurity incident over the last year

  • 47% cited at least one incident that affected cyber-physical systems such as medical devices and building management systems

  • 30% cited that sensitive data like protected health information (PHI) was affected

  • More than 60% reported that incidents caused a moderate or substantial impact on care delivery, and another 15% reported a severe impact that compromised patient health and/or safety

Surprisingly, of the respondents that were victims of ransomware attacks, more than a quarter made ransom payments. Another noteworthy financial implication, more than a third experiencing incidents in the past year incurred costs from the attack of more than $1 million. 

“The healthcare industry has a lot working against it on the cybersecurity front—a rapidly expanding attack surface, outdated legacy technology, budget constraints and a global cyber talent shortage,” said Yaniv Vardi, CEO of Claroty. “Our research shows that healthcare organizations need the full support of the cyber industry and regulatory bodies in order to defend medical devices from mounting threats and protect patient safety.”

Additional findings show that increased standards and regulations fuel stronger cybersecurity, but there’s more work to be done:

  • Nearly 30% say current government policies and regulations require improvement or do nothing to prevent threats

  • NIST (38%) and HITRUST Cybersecurity Frameworks (38%) were selected by the most respondents as important to their organizations

  • 44% cite regulatory developments such as mandated incident reporting as the most influential external factor to an organization’s overall security strategy

The study also found that the cyber skills shortage is still a top challenge:

  • More than 70% of healthcare organizations are looking to hire in cybersecurity roles

  • 80% of those hiring say it’s difficult to find qualified candidates that have the skills and experience required to properly manage a healthcare network’s cybersecurity

To access the full set of findings and analysis, download the Global Healthcare Cybersecurity Study 2023 here.

Methodology

Claroty contracted with Pollfish to conduct a survey of healthcare providers, healthcare delivery organizations (HDOs), hospitals, and clinics in North America (500), South America (100), APAC (250), and Europe (250). Only individuals who work full time in cybersecurity, clinical engineering, biomedical engineering, information systems, risk, or networking completed the survey, for a total of 1,100 respondents. Respondents work for organizations with a minimum of 25 beds to over 500 beds, with the largest group (45%) working for organizations with 100 to 500 beds. The survey focuses on the period of June 2022 – June 2023 and was completed in July 2023. Note: Totals may not equal 100% due to rounding or when multiple answers are permitted.

About Claroty

Claroty empowers organizations to secure cyber-physical systems across industrial, healthcare, public sector, and commercial environments: the Extended Internet of Things (XIoT). The company’s unified platform integrates with customers’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection, and secure remote access. Backed by the world’s largest investment firms and industrial automation vendors, Claroty is deployed by hundreds of organizations at thousands of sites globally. The company is headquartered in New York City and has a presence in Europe, Asia-Pacific, and Latin America. To learn more, visit claroty.com.

Interested in learning about Claroty's Cybersecurity Solutions?

Claroty
LinkedIn Twitter YouTube Facebook