US healthcare: Majority suffered cyberattack in last 12 months

92 percent of healthcare companies have experienced at least one cyberattack in the last 12 months. Patient care often suffered as a result.

The majority of US healthcare organizations (92%) have reported experiencing at least one cyberattack in the past 12 months. Of these, 69 percent stated that patient care was also affected. This is according to a survey conducted by the Ponemon Institute and Proofpoint Inc., which polled 647 IT professionals from US healthcare organizations. According to the survey, healthcare organizations continue to struggle to mitigate the impact of such attacks.

According to the survey, supply chain attacks are most likely to impact patient care. 82 percent of respondents whose organizations were impacted by supply chain attacks reported disruption to patient care.

The four most common types of attack are attacks on cloud services or accounts and attacks on the supply chain, followed at some distance by ransomware attacks and business email compromise or spoofing. In 56% of the organizations affected, these led to a disruption in patient care, for example due to delays in tests or operations, which is usually associated with high costs for hospitals.

Messaging and email services are attacked the most.

(Image: Ponemon Institute and Proofpoint)

The most common attacks target cloud-based collaboration tools, most often text messaging services, followed by email accounts and various video conferencing systems.

Average amount of ransom paid after a ransomware attack continues to rise.

(Image: Ponemon Institute and Proofpoint)

54 percent of respondents believe their organizations are vulnerable or very vulnerable to ransomware attacks, a decrease from 64 percent in 2023. Although fewer organizations paid a ransom (36 percent in 2024 compared to 40 percent in 2023), ransoms paid increased on average by 10 percent to $1,099,200 compared to $995,450 in the previous year.

The study also shows that traditional compliance-based security training programs are not enough to reduce the risks posed by negligent employees. 59 percent of respondents said they conduct regular training and awareness programs. However, the study also shows that the lack of clear leadership is a growing problem and threat to cybersecurity in healthcare. The proportion of respondents who considered the lack of in-house expertise to be the main problem rose from 14 percent in 2023 to 49 percent in 2024.

More than half (54 percent) of respondents said their organizations have deployed AI in cybersecurity (28 percent) or in both cybersecurity and patient care (26 percent). 57 percent of respondents who use AI believe AI is very effective in improving organizations' cybersecurity posture, and more than a third (36 percent) use AI and machine learning to understand human behavior. However, 63 percent of respondents are aware that it is "difficult" or "very difficult" to protect confidential and sensitive patient data used in AI.

"This report underscores that cybersecurity is patient safety," said Ryan Witt, Chairman of the Healthcare Customer Advisory Board at Proofpoint. "Protecting healthcare systems and medical data from cyberattacks is critical to ensuring continuity of patient care and avoiding disruption to critical services," Witt summarized.

(mack)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.