Cyberattacks Result in Freezing of Healthcare IT Safety Budgets

May 11, 2018

 

A lately-circulated Black Book Research report demonstrates that roughly 90% of healthcare groups have faced a data violation since Q3 2016, yet IT safety investment at 88% of hospitals remains at 2016 figures.

This information is the outcome of a survey of more than 2,400 safety experts from 680 provider groups. The emphasis of the study was to find the causes why the healthcare sector is specifically susceptible to cyberattacks.

Black Book Research describes in the statement that since 2015 there have been over 180 million healthcare files stolen, with roughly one in 12 healthcare consumers affected by a data breach at a supplier business. Nine out of ten healthcare suppliers have suffered a breach, however, nearly 50% of suppliers have suffered over 5 data breaches since Q3, 2016.

There has been a clear surge in healthcare data breaches since 2015, with cybercriminals and nation state-supported hackers more and more aiming the healthcare sector. Although cyberattacks are rising, healthcare IT security budgets are not rising. It is proving increasingly tough to find the needed money to make substantial improvements to cybersecurity defenses because cybersecurity doesn’t generate income. Part of the problem is a lack of funds to substitute defenseless legacy systems and appliances.

Money is being invested in cybersecurity solutions, even though all too often solutions are bought without sufficient knowledge of the product base, with IT divisions lacking vision or discernment. The study indicated 92% of data safety product and service decisions have been taken at the C-suite level, with department managers having no input into financing decisions.

89% of surveyed CIOs said they bought cybersecurity solutions to meet compliance requirements instead of to decrease risk. When cybersecurity solutions are bought, it is rare for the effectiveness of those solutions to be checked. Just 4% of groups surveyed had a steering board that assessed the effect of investments in cybersecurity.

Contracting the services of a cybersecurity seller before an attack lets hospitals to settle the best deal; nevertheless, several hospitals have been put at a severe disadvantage by seeking assistance from third parties after a cybersecurity occurrence. 58% of hospitals only decided to outsource safety after a cybersecurity breach.

A quick reaction to a cyberattack can greatly limit the damage caused, even though finding cyberattacks and data breaches are still the main challenges. 29% of healthcare groups lack a safety solution that lets them to promptly find and react to a cyberattack.

Although most hospitals have framed an incident reaction plan, 83% of surveyed healthcare companies have not carried out a cybersecurity occurrence exercise to check the effectiveness of their occurrence reaction strategy. Without carrying out such testing, it’s not possible to say how effective the plan will be in the event of the main incident happening.

Not having sufficient safety goals in strategic and tactical plans, inadequate funding, poorly selected cybersecurity solutions and a reactive instead of proactive cybersecurity plan make the healthcare industry specifically vulnerable to attack. Until modifications are applied to address all of those areas, the healthcare sector will remain particularly susceptible to attack and cyberattacks are likely to continue to increase.