Cyberattack threats are increasing against hospitals and health systems as hackers take advantage of healthcare organizations' outdated IT systems, fewer cybersecurity protocols and data-rich patient files, according to Black Book Research.
For its November 2020 State of the Healthcare Industry Cybersecurity report, Black Book surveyed 2,464 security professionals from 705 provider organizations about the gaps, vulnerabilities and deficiencies in their cybersecurity strategies.
Six report insights:
1. Seventy-three percent of health system, hospital and physician organizations said their infrastructures are unprepared to respond to cyberattacks, which are predicted to triple in 2021.
2. The COVID-19 pandemic has exacerbated cybersecurity weaknesses, with 90 percent of health system and hospital employees who moved to work-from-home assignment not receiving any updated guidelines or training on the increased risk of accessing patient data from less secure remote systems.
3. Ninety percent of practice administrators and 82 percent of hospital CIOs in inpatient facilities under 150 beds said they are not even close to spending an adequate amount on protecting patient records from a breach.
4. Cybersecurity threats are now four times more likely to be targeted on healthcare than anyother industry, said Brian Locastro, lead researcher for the Black Book report. He added: "Ransomware attacks are increasing in popularity because of the amount of privileged information the hacker can obtain [and] providers at the point-of-care haven't kept pace with the cybersecurity progress and tools that manufacturers, IT software vendors and the FDA have made either."
5. Eighty percent of healthcare organizations said they have not completed a cybersecurity drill with an incident response process, despite rising cases of data breaches in healthcare this year.
6. The healthcare industry is expected to spend $134 billion on cybersecurity from 2021-26. However, 82 percent of health system CIOs and CISOs said their current budgets have not been allocated effectively prior to their tenure and are often only spent after breaches.