top of page

Gaps in Healthcare Security: 78% of Organizations Hit by Breaches in Past Year

Claroty, a leading company specializing in safeguarding cyber-physical systems, unveiled their highly anticipated Global Healthcare Cybersecurity Study 2023. This comprehensive survey delves into the insights of 1,100 professionals hailing from the intersections of cybersecurity, engineering, IT, and networking within the healthcare domain. By scrutinizing their encounters with cybersecurity incidents over the preceding year, evaluating the efficacy of their security initiatives, and forecasting their forthcoming priorities, the study unravels a tapestry of challenges and imperatives facing healthcare organizations.

The study's revelations illuminate the intricate landscape of cybersecurity confronting healthcare establishments, escalating the urgency to bolster both cybersecurity measures and compliance adherence. A staggering 78% of respondents attested to weathering at least one cybersecurity breach during the previous year. An alarming 47% reported incidents impacting the integrity of cyber-physical systems, encompassing medical equipment and building automation systems. Approximately 30% expressed that invaluable troves of sensitive data like protected health information (PHI) had been compromised. Moreover, the fallout was profound, with over 60% of respondents acknowledging a significant or considerable disruption in care provision, and 15% bemoaning grave ramifications that jeopardized patient well-being.

An eyebrow-raising revelation emerged from the cohort of ransomware victims, with over 25% succumbing to the pressure and making ransom payments. Meanwhile, a weighty financial aftermath haunted more than a third of the beleaguered entities, as incidents incurred expenses exceeding the daunting benchmark of $1 million.

Yaniv Vardi, the stalwart CEO of Claroty, candidly acknowledged the uphill battle the healthcare sector faces, citing the proliferation of attack vectors, antiquated legacy systems, financial constraints, and a global dearth of cybersecurity experts. Vardi underscores the pivotal role regulatory bodies and the broader cybersecurity industry play in safeguarding medical devices against the rising tide of threats, alluding to the indispensable need to ensure patient safety.

The study also spotlighted the correlation between elevated cybersecurity standards and more resilient defense mechanisms, albeit while underscoring the persistence of gaps. Approximately 30% of respondents signaled dissatisfaction with current governmental policies and regulations, perceiving them as inadequate in thwarting burgeoning threats. Among the assortment of frameworks available, NIST and HITRUST Cybersecurity Frameworks clinched the top spots in importance as indicated by 38% of respondents each. Regulatory progressions, such as the imposition of mandatory incident reporting, emerged as the predominant external driver influencing an organization's overarching security strategy.

Moreover, the study divulged that the scarcity of proficient cyber talents continues to loom large. A staggering 70% of healthcare establishments are actively scouting for cybersecurity personnel. Paradoxically, 80% of these recruiters lamented the scarcity of adequately qualified candidates equipped with the indispensable skills and experience demanded to adeptly manage the labyrinthine cybersecurity demands of healthcare networks. ###


bottom of page