Cybersecurity Crisis Grips Healthcare: 9 in 10 Providers Struggle to Keep Pace With Evolving Threats, Black Book Research

Despite 2023 warnings to strengthen cybersecurity defenses, ransomware attacks persist, resulting in significant financial losses, disruptions to operations, and jeopardizing patient care.

The 10th annual Black Book Research "State of the Healthcare Cybersecurity Industry" report reveals insights received from 2,797 CISO, CIO, data security, and patient data privacy professionals evaluating user satisfaction of over 400 software, services, and consulting firms. Additionally, 1,959 healthcare consumers were polled to supplement external perceptions and confidence in their providers' and payers' efforts to protect consumer and organizational data. 

An additional Q3 2023 survey of hospitals and physician practices conducted by Black Book cautioned that many cybersecurity solutions acquired before 2023 may now be outdated and ineffective against the evolving landscape of hacks and breaches in 2024. This poses a significant threat to marginally performing providers, who risk closure due to the financial strain and reputational damage caused by cybersecurity incidents. Moreover, the widespread use of remote access systems, reliance on insecure third-party IT vendors, and the rise in virtual patient consultations create additional vulnerabilities, allowing cyberattacks to infiltrate healthcare tech platforms.

Last year witnessed a significant surge in ransomware attacks targeting the healthcare industry. In 2023, 46 hospital systems fell victim to such attacks, a notable increase from 25 in 2022 and 27 in 2021. These attacks directly impacted at least 141 hospitals, leading to disruptions due to IT systems and patient data unavailability. The average cost of healthcare data breaches reached an all-time high in 2023, averaging $11 million, marking a 53% surge since 2020. Thirty-three out of the 46 attacks on health systems resulted in the theft of sensitive data, including protected health information.

In 2022, the average ransom payment was under $6,000. However, by 2023, there was an astonishing 25,000% surge, with the average payment skyrocketing to around $1.5 million. This dramatic increase in profits enables ransomware groups to expand their operations, pay initial access brokers, and acquire zero-day vulnerabilities, thereby enabling more attacks.

Consequently, the healthcare cybersecurity vendor and advisory market is set to experience substantial growth, with provider and payer IT professionals planning strategic investments exceeding $140 billion by 2025. This surge is driven by the escalating cyberattacks targeting health systems and payers during the first two quarters of 2024.

Ransomware attacks on U.S. healthcare providers hit a staggering $28.2 billion in costs in 2022, while security breaches alone incurred a hefty $7.3 trillion for healthcare companies by Q3 2023's end. Documented data breaches in medical practices and physician groups surged by 72% from 2019 to 2022, with hospitals and health systems experiencing a 59% increase over the same period. Additionally, 82% of IT managers reported multiple ransomware hits on their organizations in 2023 alone.

The 2024 ransomware attack on Change Healthcare, owned by corporate giant UnitedHealth Group, has so far caused $872 million in losses, according to the company's latest earnings report. Change Healthcare and UHG subsidiary Optum took hundreds of providers offline due to the incident and faced criticism from the White House and Congress over handling the ransomware attack.

"The consequences of the recent ransom attack on the nation's largest clearinghouse vendor go beyond just disrupting claims processing; it disrupts critical processes essential for maintaining patient care," said Doug Brown, President of Black Book Research, "These tangible impacts on human health underscore the immediate need for comprehensive cybersecurity measures across the entire healthcare sector."

According to Black Book's study, healthcare data breaches cost an average of $697 per record, marking the highest figure across industries for a decade. This amount is more than four times the cross-industry average of $170 per record, highlighting the critical importance of cyber data security for provider and payer sectors.

In the accompanying Black Book survey of healthcare consumers, 91% expressed heightened anxiety regarding external entities' potential misuse of their health information. Present security risks have led to 79% of consumers feeling reluctant to share their health data electronically due to privacy concerns between providers' systems. Consumer confidence in medical organizations' compliance with HIPAA and data privacy regulations is strikingly low, with only 8% expressing high confidence.

Furthermore, 97% of healthcare consumers harbor skepticism about the efficacy of current government regulations in safeguarding their health data. Twenty-two percent of consumers would consider switching to a provider prioritizing data privacy protection if they could compare or verify their respective provider's data protection technologies.

Ninety percent of chief information security officers (CISOs) believe that software and services vendors fail to sufficiently address cybersecurity processes or alleviate implementation complexities, thus hindering user experience improvement for healthcare industry clients.

Eighty-six percent of IT professionals in health plans agreed with the sentiments that data attackers are outpacing their organizations, holding payers at a continued disadvantage in responding to vulnerabilities in 2024.

"Most health system CISOs and CIOs are now compelled to adopt next-generation cybersecurity tools and solutions to safeguard their organizations' data and maintain financial viability," stated Doug Brown, President of Black Book™. "The healthcare sector faces a growing threat landscape, including malware, ransomware, breached records, patient privacy concerns, phishing attacks, and cyber threats, especially with the increasing adoption of telehealth, external clearinghouses, outsourced IT services, and remote patient monitoring."

Black Book Market Research LLC conducts comprehensive polls and surveys involving healthcare executives and front-line users to assess their current technology and service partnerships. These assessments involve awarding top-performing vendors based on qualitative measures of client experience and satisfaction with solutions/services alongside three indicators of customer loyalty. The current polling period collects client experiences of a diverse array of vendors, encompassing data security services, core products and solutions, software, consulting, and outsourcing. 

Black Book surveyed users of 25 categories of cybersecurity vendors, consultants, and advisors, which produced the 2024 ratings of the highest-performing suppliers in healthcare, which was announced previously. Full rankings of hundreds of vendors can be viewed at https://blackbookmarketresearch.com/health-data-security-and-privacy.  

According to the sweeping crowd-sourced survey of users, the top-performing healthcare industry vendors and consultants in terms of client satisfaction for 2024 engagements and implementations are:

END-TO-END ENTERPRISE CYBERSECURITY SUITE SOFTWARE & SERVICES – CROWDSTRIKE

CYBERSECURITY ADVISORS & CONSULTANTS – CLEARWATER

APPLICATION SECURITY TESTING SOLUTIONS – HEALTHASYST

AUTHORIZATION /AUTHENTICATION & SINGLE SIGN-ON SOLUTIONS – IMPERVA

SECURE DIGITAL COLLABORATION PLATFORMS (BLOCKCHAIN-ENABLED) – AVANEER HEALTH

CLOUD SOLUTIONS - CLEARDATA

COMPLIANCE & RISK MANAGEMENT SOLUTION - CLEARWATER 

CYBERSECURITY AWARENESS TRAINING & EDUCATION – FORTIFIED HEALTH SECURITY

DATA ENCRYPTION – IBM GUARDIAN DATA ENCRYPTION

DDOS – RADWARE

EMAIL ENCRYPTION - ZIX

END POINT SECURITY SOLUTIONS – SYMANTEC ENDPOINT SECURITY

ENTERPRISE FIREWALL NETWORKS – FORTINET

GENERAL DATA PROTECTION REGULATION VENDORS (US-BASED FIRMS) – SAILPOINT

IDENTITY MANAGEMENT & GOVERNANCE SOLUTIONS – CYBERARK

INTRUSION DETECTION & THREAT PREVENTION – CISCO UMBRELLA

INTERNET OF MEDICAL THINGS (IOMT) & MOBILE HEALTHCARE DEVICE MANAGEMENT/EDM – MEDIGATE CLAROTY

OUTSOURCING & SECURITY NETWORK MANAGED SERVICES - CLOUDWAVE

PATIENT PRIVACY MONITORING& HIPAA SOLUTIONS – IATRIC SYSTEMS HAYSTACK

RANSOMWARE PROTECTION – SEMPERIS

SECURITY ANALYTICS – BARRIER1

SECURE COMMUNICATIONS PLATFORMS: PHYSICIAN PRACTICES – PERFECTSERVE

SECURE COMMUNICATIONS PLATFORMS: HOSPITALS & HEALTH SYSTEMS – SPOK

SECURE HEALTHCARE WEB GATEWAYS & PROTECTION – PALO ALTO NETWORKS

SECURITY INFORMATION & EVENT MANAGEMENT SOLUTIONS (SIEM) – AT&T CYBERSECURITY

__________________________________________________________________

About Black Book Research
Black Book Market Research LLC, along with its founder, management, and staff, maintain no financial interests in any of the cybersecurity vendors covered in their surveys. They report satisfaction and client experience rankings transparently and independently, publishing results before notifying vendors and without soliciting any fees or collaboration from vendors. Since 2009, Black Book has been surveying healthcare software and services users, expanding its reach to IT and health records professionals, physicians, nurses, financial leaders, executives, and hospital IT managers. They began polling cybersecurity services and product satisfaction exclusively within the healthcare industry in 2011.

Press contact, research@blackbookmarketresearch.com for additional information.

Source: Black Book Research

Share: