The COVID-19 pandemic saw an immediate acceleration in the adoption of virtual healthcare, with social distancing and quarantine requirements further spurring the emerging digital advancements of telehealth. The AMA Physician Practice Benchmark Survey found that 14.3 percent of physicians worked in practices that used videoconferencing to provide patient visits in September 2018; in September 2020, during the COVID-19 pandemic, that number reached 70.3 percent.
At the same time, digital advancements in healthcare led to a widespread industry adoption of Electronic Medical Records (EMR). The Healthcare IT market was estimated at 315.3 Billion USD in 2021, and is anticipated to grow at a CAGR of 14 percent from 2021 to 2029. The rise in both telehealth and EMRs has led to a huge increase in the amount of data hospitals and health systems are responsible for maintaining and keeping secure. At large, hospitals and health systems are unequipped to deal key cybersecurity challenges on top of keeping up with the unprecedented demand on patient care services and telehealth accommodations.
Source: AAMC, The Growing Threat of Ransomware Attacks On Hospitals
Healthcare Cybersecurity Threats During COVID-19
Given the rapid migration to digital platforms that host personal data and lack of advanced cybersecurity, many hospitals and health systems have become targets for cybercrime and ransomware attacks. Healthcare organizations globally have seen a 45 percent increase in security breaches since November 2020. A Sophos report from May this year cited a third of healthcare organizations were targets of ransomware attacks in the last year. Of those reported to have been victims of ransomware attacks in the last year, 65 percent reported that the cybercriminals succeeded in encrypting their data. This success rate of the attackers in encrypting healthcare data is 11 percentage points higher than other sectors globally (54 percent attacker success rate at encrypting data). Healthcare also sits behind other sectors globally in their ability to stop attacks once they are happening, with a 28 percent success rate compared to the global average of 39 percent.
Cybersecurity Investments a Low Priority for Health IT Teams
Executives across all industries now recognize that cybersecurity should be a priority. In a 2021 PWC survey of US-based CEOs, nearly half responded that they plan to increase investments in cybersecurity and data privacy by up to nine percent over the next three years; 30 percent plan to increase investments by 10 percent or more; 42 percent ranked cyber and data privacy second among 11 areas of impact and value that they said they should do more to measure threats.
Despite this, research suggests many hospitals and health organizations still fail to see cybersecurity as an investment priority. CyberMDX and Philips found only 11 percent of hospital IT teams note that cybersecurity is a high priority spend. As hospital systems struggle to combat security breaches, investment in multilayered cybersecurity and protection measures are more important than ever. Sophos exeprts suggest investment in data backups, layered protection, trained IT professionals, and anti-ransomware technology.
Focus on Cybersecurity Talent to Prevent Future Breaches
Of the healthcare organizations surveyed by Sophos, 79 responded that their organizations were not targets of a ransomware attack within the last year, and that they don’t anticipate their organization will be the target of a ransomware attack in the future. Confidence in IT security staff trained to stop attacks was the most frequent response regarding protection against future and past ransomware attacks.
Source: Sophos, The State of Ransomware in Healthcare 2021
Looking Forward for Healthcare Cybersecurity
There is a clear need in the healthcare industry for competent health IT professionals who can support our hospitals and health systems as they meet their patients in a digital age. As a provider of highly customizable talent solutions, LevelUP is focused on ensuring healthcare organizations have access to the talent they need to evolve technologically while keeping their organization secure and patient data safe. Click here to connect with one of our talent specialists.
It’s time for health IT teams to prioritize investments into cybersecurity efforts. That said, data strategy and governance can be difficult to navigate. Backups and cybersecurity insurance providers are effective strategies for recovering data after a ransomware attack, but won’t prevent attacks from occurring in the first place. Building strong, multilayered cybersecurity and protection measures are critical to building your defense against cybercrime. LevelUP Consulting Partners is comprised of full-time subject matter experts with years of experience helping organizations build and operationalize risk management programs. Click here to schedule a consultation.