In 2023, healthcare organizations will see some of the most "catastrophic" cybersecurity attacks due to constraints on resources needed to implement better security, SC Media reported Dec. 2.
Five reasons why healthcare organizations can expect a major cyberattack in 2023, according to the report:
- Resource constraints: Inadequate budgets are the No. 1 issue keeping healthcare organizations from achieving more effective cybersecurity protections. According to a study from digital forensics company BreachQuest, healthcare organizations spend just 4 to 7 percent of their IT budgets on cybersecurity.
- Patient data: Hackers are incentivized to gain access to patient data as they know healthcare organizations will pay ransoms in order to prioritize patient safety.
- Not following traditional cybersecurity practices: Healthcare organizations prioritize patient outcomes above else, according to the report, meaning IT security teams cannot remove high-risk Internet-of-Medical-Things devices without input from clinical practitioners.
- Healthcare regulations: Healthcare is a heavily regulated industry, requiring organizations to ensure their technologies and practices comply with HIPAA and other pertinent regulatory compliance frameworks. This can cause internal bureaucratic processes to prioritize regulations, which in turn can slow evolution in security capabilities, according to the report. Second, organizations tend to view security from a compliance perspective, which can also hinder security.
- New devices and systems: Upgraded systems and devices can create security challenges, as healthcare organizations have to protect a vast set of devices and systems as their security profiles change.