
Why is healthcare the weakest link in cybersecurity defence
Data from Tenable showed that 35.4% of breach events in 2022 targeted the healthcare sector.
Healthcare institutions have been found to be the top target of cybercriminals. According to Tenable’s Threat Landscape report, the sector contributed to 35.4% of all breach events in 2022.
The year 2022 also marked the 13th consecutive year that the healthcare sector reported the highest data breach costs, with an average cost pegged at US$10.93m, according to the IBM Security Cost of a Data Breach Report 2023.
Tenable’s report suggested that cybercriminals are targeting healthcare information given the slower pace at which providers are “adopting preventive cybersecurity measures.”
Given the alarming rise of cyberattacks in the sector and more institutions embarking on their digitising journeys, Tenable underscored that it has become more important for providers to strengthen their cybersecurity.
The report added that whilst stricter data-protection laws will be crucial in preventing cyber attacks, healthcare entities must not rely on the “bare essentials.”
“Whilst regulatory measures are essential, waiting for them might be detrimental. Healthcare organisations need to prioritise cybersecurity now,” the report stated.
Growing concern
According to the 2023 ForgeRock Identity Breach Report, the healthcare sector in Australia is the most vulnerable to cyberattacks, with the sector contributing 16% of all 890 data breaches in the market last year.
In 2022, Farrer Park Hospital in Singapore faced a $58,000 fine after its data was compromised, which resulted in the medical information of almost 2,000 patients being forwarded to a third party.
Two months ago, another Singapore hospital, Fullerton Healthcare, was also fined the same amount because it failed to implement safety measures to shield the personal data of its corporate clients and patients.
In November last year, the All India Institute of Medical Sciences in New Delhi, India disclosed an IT outage following a suspected ransomware threat.
East Asian markets are also not strangers to cyber threats. Osaka Medical Center in Osaka, Japan was forced to shift to manual operations after it experienced a power outage caused by a ransomware attack on its electronic medical records (EMR) system, which is an online medical treatment history of patients.
Other possible questions for discussion:
- What immediate actions should healthcare institutions prioritise to safeguard their data?
- How can healthcare entities strike a balance between the rapid digitisation of services and ensuring robust cybersecurity measures?
- How can healthcare institutions regain and maintain the trust of the public, ensuring that their personal and healthcare data is safe?
- What role should private healthcare entities play in shaping these regulations to ensure both compliance and effectiveness against cyber threats?
- What cybersecurity factors should healthcare providers consider when choosing third-party vendors?
- What types of technologies should hospitals invest in to protect themselves against cyberattacks?