There are three issues that are causing the healthcare industry major cybersecurity issues.
One: A survey found that 40% of organizations devoted 6% or less of their technology budgets to cybersecurity.
Two: The attack surface is expanded. It's not just email, but telehealth and medical devices. According to a report, 60% of all medical devices are unpatchable.
Three: Ransomware causes large hospitals to be shut down for 6.2 hours, while it causes midsize hospitals nearly 10 hours of shutdown time. In all, 48% of US hospitals have had networks disconnected due to ransomware in 2021.
So here's the issue: Budgets aren't high, causing a lack of personnel and technology. The threat is everywhere, meaning that the minimal teams have to cover a wider attack surface. And then when ransomware hits, it causes major damages, both financially and to patient care. One study found that data breaches not only reduce the quality of care, but actually increase the 30-day mortality rate, not just in the immediate aftershocks, but up to two years later.
The best thing to do is to contain email, which is the number one threat leading to breaches.
When a ransomware attack hit the Irish health system, eighty percent of the country's IT system was encrypted, hospitals canceled appointments and surgeries and it cost the government $600 million to get the system back and running. What caused it? An employee clicked on a malicious Excel spreadsheet attached to an email.
By reducing the biggest threat, it can make it easier to contain the other issues.