Cybersecurity in healthcare has become a pressing concern. The joint report from Proofpoint and the Ponemon Institute, Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2024, highlights that 92% of surveyed healthcare organisations experienced at least one cyber attack in the past year, a rise from 88% in 2023. The consequences of these attacks are profound, with 69% of organisations reporting disruptions to patient care.
The most concerning findings relate to the types of attacks that have emerged as significant threats. Among the most common—cloud compromise, ransomware, supply chain attacks, and business email compromise (BEC)—56% of organisations reported poor patient outcomes due to delays in procedures and tests. Alarmingly, 28% noted an increase in patient mortality rates, reflecting a troubling trend in healthcare cybersecurity.
Supply chain attacks have proven particularly detrimental, with more than two-thirds of respondents indicating their organisations faced such attacks. Of those, 82% reported disruptions to patient care, underscoring the vulnerability of interconnected healthcare systems. BEC attacks were found to be the most likely to lead to poor outcomes, while ransomware was associated with longer hospital stays and patient transfers.
Despite the grim statistics, there are signs of progress. Larry Ponemon, founder of the Ponemon Institute, noted an increasing recognition of cybersecurity's importance to patient outcomes, with IT budgets rising and fewer practitioners citing budget constraints as a barrier to effective cybersecurity.
However, challenges remain. Over 90% of organisations reported data loss incidents involving sensitive information, with employee negligence being a significant factor. The report highlights that traditional compliance-based training is insufficient; 59% of respondents conduct regular training, yet many still fall short in mitigating human error.
Additionally, the lack of clear leadership in cybersecurity initiatives poses a growing threat. While 55% of respondents identified insufficient in-house expertise as a barrier to strong cybersecurity, the percentage citing leadership issues surged from 14% to 49%.
The integration of AI and machine learning into cybersecurity practices offers a glimmer of hope. More than half of the respondents reported utilising AI to enhance their cybersecurity posture, indicating a shift towards more proactive and responsive security measures.
The study underscore the critical intersection of cybersecurity and patient safety. As healthcare institutions confront the rising tide of cyber threats, a comprehensive approach that prioritises both technological solutions and human factors is essential to safeguard patient care and maintain trust in healthcare systems.
