This post is part of our 2023 cybersecurity prediction series.
Cyberattacks on the healthcare industry will continue to increase.
“The healthcare industry is most vulnerable to cyberattacks, which makes it a lucrative target for cybercriminals; attacks on the healthcare industry have grown significantly in 2022, and attacks will even go further in 2023. According to IBM, healthcare breaches cost the most at $9.23 million per incident. And, most importantly, cyberattacks not only affect human lives directly—they also impact patients' mental well-being.
Additionally, according to a recent SANS and OPSWAT report, “State of ICS/OT Cybersecurity in 2022 and Beyond,” 26% of respondents reported that the healthcare and public health sector is likely to experience a successful ICS compromise with impacts on safe and reliable operations. Lastly, with healthcare staff generally unaware of the extent of cyber risks and best practices, educating them is of vital importance to protect the healthcare industry from cyberattacks.”
Cyberattacks on the healthcare industry will have direct, fatal outcomes.
“In the case of most cyberattacks, profit is the motive and the aim is rarely to kill. Killing is an unfortunate side-effect of the problem – such as high-stakes situations where hackers take control for ransom thinking most hospitals will comply to save lives. For instance, a major US hospital system – CommonSpirit Health – recently suffered a ransomware cyberattack—and a 3-year-old was given a fatally large dose of pain medication as a result.
However, a lack of defined response, or coordinated and up-to-date protocols, leads to mistakes, including ransom not paid in time or no disaster recovery or backup in place. Whatever the reason, small mistakes have deadly consequences in healthcare – even if organizations are willing to pay the ransom. They also have to think about violations of data privacy regulations and repercussions.
That is why zero-trust is so important for healthcare, as well as having a solid response plan in place for recovery/backup (similar to generators for a power outage), so that operations don't get stopped mid-way.”