Connect with us

Hi, what are you looking for?


IoT Security

Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs

Roughly 78% of the healthcare organizations in North America, South America, the APAC region, and Europe experienced a cyberattack over the past year, according to a new report.

Roughly 78% of the healthcare organizations in North America, South America, the APAC region, and Europe experienced a cyberattack over the past year, according to a new report from industrial and IoT security firm Claroty.

Polling responses from 1,100 cybersecurity, IT, engineering, and networks professionals working full time at healthcare organizations, the report reveals that the attacks impacted IT systems, sensitive information, medical devices, and management systems at the affected organizations.

“While IT systems were impacted in 42% of incidents, respondents report other critical information and assets were also impacted, specifically protected health information (PHI) data (30%), medical devices (30%), and BMS devices (27%),” the survey (PDF) reads.

Of the respondents whose organization experienced a cyberattack, 60% said care delivery was affected to some extent, while another 15% reported severe impact on patient health and/or safety.

The survey shows that most healthcare organizations (78%) have implemented a clear medical device security leadership, most often under IT security, and more than half of them have increased their security budgets.

The cybersecurity programs implemented within the surveyed organizations cover sensitive data (including health information), IT systems and endpoints, medical devices, building management systems, and other internet-connected assets.

When asked about the financial costs associated with the experienced incidents, 43% of the respondents placed them in the $100,000 to $1 million range, while 24% said the costs were between $1 million and $10 million.

Advertisement. Scroll to continue reading.

Roughly 26% of the respondents admitted that their organization paid a ransom, which added to the total costs associated with the attack. Operational downtime, fines, legal fees, insurance premiums, and reputational damage were also factors adding to the financial costs.

More than 60% of the respondents said they were concerned of cyberattacks targeting their organizations, with ransomware, internal threats, supply chain attacks, and distributed denial-of-service (DDoS) attacks raising the most concerns.

Most organizations, the survey shows, still need to improve their strategies and solutions around cybersecurity and vulnerability management.

Overall, “38% of organizations are at or below basic levels of network segmentation, creating potential exposure to risk”, the survey shows.

While organizations say they continue to invest in improving their security processes, many say the lack of budget is a gap that needs to be filled.

More than 70% of organizations are looking to hire in cybersecurity roles, but 80% say it is difficult for them to find qualified candidates.

“The healthcare industry has a lot working against it on the cybersecurity front—a rapidly expanding attack surface, outdated legacy technology, budget constraints and a global cyber talent shortage. Our research shows that healthcare organizations need the full support of the cyber industry and regulatory bodies in order to defend medical devices from mounting threats and protect patient safety,” Claroty CEO Yaniv Vardi said.

Related: Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare

Related: Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches

Related: 1 Million Impacted by Data Breach at NextGen Healthcare

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.

IoT Security

An innocent-looking portable speaker can hide a hacking device that launches CAN injection attacks, which have been used to steal cars.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

IoT Security

Researchers at offensive hacking shop Synacktiv demonstrated successful exploit chains and were able to “fully compromise” Tesla’s newest electric car and take top billing...

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

IoT Security

Vulnerabilities in electric vehicle charging management systems can be exploited for DoS attacks and to steal energy or sensitive information.

IoT Security

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV...