Healthcare organizations continue to be prime targets for cyber attacks, with a recent report by Proofpoint revealing that 92% of organizations experienced at least one attack in the past 12 months. This marks an increase from 88% in the previous year, showcasing the growing threat landscape faced by the healthcare industry.
Among the most common types of attacks reported were cloud compromise, ransomware, supply chain attacks, and business email compromise (BEC). These attacks not only disrupted operations but also had a significant impact on patient care. According to the report, 56% of organizations reported poor patient outcomes due to delays in procedures and tests, 53% saw an increase in medical procedure complications, and 28% noted an increase in patient mortality rates.
Supply chain attacks were highlighted as the most likely to affect patient care, with 68% of respondents reporting such attacks and 82% of those incidents resulting in disruptions to patient care. The rise in these attacks underscores the need for healthcare organizations to bolster their cybersecurity defenses to safeguard patient safety and well-being.
Ransomware attacks remain a pressing concern for healthcare organizations, with 54% of respondents considering their organizations vulnerable to such attacks. Despite a slight decline from the previous year, organizations that fell victim to ransomware attacks experienced an average of four incidents over the past two years. The report also revealed that the average ransom paid increased to $1,099,200, emphasizing the financial impact of these attacks on healthcare organizations.
Insecure mobile apps emerged as the top cybersecurity threat in healthcare, with concerns increasing from 51% in 2023 to 59% in 2024. This shift highlights the evolving tactics employed by cyber criminals to target vulnerable endpoints within healthcare networks. Cloud/account compromise and email attacks also ranked high among cybersecurity concerns for healthcare organizations.
Data loss and exfiltration incidents were prevalent among surveyed organizations, with more than nine in ten reporting such incidents involving sensitive data in the past two years. These incidents not only jeopardized patient data security but also had real-world impacts on patient care, including increased mortality rates and delays in essential procedures.
While organizations are investing more resources in cybersecurity, challenges remain in combating human-centric risks posed by negligent employees. The lack of clear leadership emerged as a growing concern, with 49% of respondents citing it as a challenge in achieving a strong cybersecurity posture. Effective training and awareness programs are essential in mitigating these risks and fostering a culture of cybersecurity awareness within healthcare organizations.
The integration of AI in cybersecurity emerged as a key trend, with 54% of respondents reporting its use to bolster their security defenses. AI was found to be effective in improving cybersecurity posture and understanding human behavior, highlighting its potential in enhancing healthcare cybersecurity strategies.
Overall, the report underscores the critical link between cyber safety and patient safety in healthcare. Protecting medical data and systems from cyber attacks is paramount to ensuring uninterrupted patient care and safeguarding critical services. By addressing these cybersecurity challenges and embracing innovative technologies like AI, healthcare organizations can enhance their security posture and mitigate the risks posed by ongoing cyber threats.