For HomeFor BusinessFor Partners
Business Insights
6 min read

New Study Pegs Hospitals as ‘Sitting Ducks’ for Cyberattacks

Filip Truta

November 16, 2020

New Study Pegs Hospitals as ‘Sitting Ducks’ for Cyberattacks
  • It takes 70% longer to fill cybersecurity roles in health systems than other IT jobs
  • 75% of CISOs said experienced cybersecurity professionals are unlikely to choose the healthcare industry as a career path because of the hurdles associated with the job
  • More than in other industries, healthcare CISOs are ultimately held responsible for a data breach
  • 90% of employees who shifted to remote work did not receive updated cybersecurity guidelines or training
  • Cybersecurity shortages are forcing a rush to acquire services and outsourcing

Maintaining good cybersecurity hygiene in healthcare settings has become a nightmare, new research indicates. IT budgets are tight, staff and skills are lacking, and leadership is hard to find as the impact on a CISO’s career is simply too big in case of a security incident.

While some studies project a positive outlook for the global cybersecurity workforce, the healthcare industry doesn’t quite fit that model, according to Black Book Research. The firm’s surveys with various providers and job ranks have uncovered concerns about the state of cybersecurity in healthcare today. According to the research, there are so many gaps, vulnerabilities and deficiencies that healthcare institutions are essentially ‘sitting ducks’ for malicious actors.

A ‘people’ problem

Ninety-six percent of IT professionals in one survey said cybercriminals are outpacing their organizations’ defenses, leaving providers at a disadvantage in responding to vulnerabilities.

In a survey of 291 healthcare human resources executives,the researchers found it takes 70% longer to fill cybersecurity roles in health systems than other IT jobs.

In a poll of 66 health system CISOs, three quarters said experienced cybersecurity professionals are unlikely to choose a career in the healthcare industry because of hurdles associated with the job– especially in a cyber incident.

“More than in other industries, healthcare CISOs are ultimately held responsible for a data breach and the financial and reputation impacts to the provider organization despite having extremely limited decision-making technology or policy making authority,” according to the report.

Remote work and cloud-based operations

Healthcare cybersecurity has become even more complicated amid the COVID-19 pandemic, as understaffed IT security departments are scrambling to accommodate the surge in demand for remote services from patients and physicians while also responding to the surge in security risks.

90% of health systems and hospital employees who shifted to a work-at-home assignments due to the pandemic did not receive updated guidelines or training on the increasing risk of accessing sensitive patient data.

"Despite the rising threat, the vast majority of hospitals and physicians are unprepared to handle cybersecurity threats, even though they pose a major public health problem," said Brian Locastro, lead researcher on the 2020 State of the Healthcare Cybersecurity Industry study by Black Book Research.

To mitigate some risk, 59% of health system CIOs surveyed are shifting security strategies to address user authentication and data access.

Cybersecurity outsourcing (MDR/SOC) in high demand

Also among the C-suite, 69% said their health system's budget for cybersecurity consulting is increasing in 2021 to address gaps, secure network operations, and user security on-premises and in the cloud.

More importantly, the shortage of cybersecurity professionals and lack of appropriate technology solutions are forcing a rush to acquire services and outsourcing. Vendors, for their part, are responding to the labor crunch by offering healthcare providers and hospitals a growing portfolio of managed cybersecurity services, like Managed Detection and Response (MDR), or Security Operations Center as a Service (SOCaaS), the research showed.

Other findings include:

  • Cybersecurity spending is increasing in the healthcare industry, averaging 21% year over year since 2017
  • 80% of healthcare organizations have not had a cybersecurity drill with an incident response process, despite skyrocketing cases of data breaches in the industry
  • Only 14 percent of hospitals and six percent of physician organizations believe that a 2021 assessment of their cybersecurity will show improvement from 2020
  • 93% of healthcare consumers who used medical or hospital services in the last 18 months said they would leave their provider if their privacy was comprised in an attack that could have been prevented

tags

Business Insights

Author

Filip Truta

Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

View all posts

Right now Top posts

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
Ransomware Threat Research Threat Intelligence

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again

November 13, 2024

Bitdefender Threat Debrief | November 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | November 2024

November 07, 2024

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Enterprise Security Threat Research

5 Approaches to Counter a Cybercriminal’s Growing Arsenal

November 06, 2024

Bitdefender Threat Debrief | October 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | October 2024

October 10, 2024

FOLLOW US ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Don’t miss out on exclusive content and exciting announcements!

You might also like

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Enterprise Security Endpoint Protection & Management

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Bitdefender Enterprise

November 21, 2024

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Enterprise Security Endpoint Detection and Response

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Jade Brown and Nikki Salas

November 20, 2024

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Enterprise Security Endpoint Protection & Management Endpoint Detection and Response

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Daniel Daraban

November 19, 2024

Bookmarks

loader