Health care delivery organizations (HDOs) play a critical role in patient outcomes and quality of care, making them less tolerant of service disruptions to their networked devices and equipment.
Resource-constrained HDO security and IT teams continue to face the operational challenge of adequately protecting critical systems from increasingly sophisticated attacks due to their large and heterogeneous mix of systems. I’m here. IoMT device Fleets complicate management and provide a broad attack surface if left alone.
Asimily’s A Total Cost of Ownership Analysis of Cybersecurity Risks for Connected Devices This report highlights the unique cybersecurity challenges facing healthcare delivery organizations (HDOs) and the true cost of IoT and IoMT security risks.
Main findings
Emerging cybersecurity trends and challenges: This report reveals the leading cyberattack strategies currently impacting HDO medical devices. Ransomware attacks that spread to devices and disrupt services, malware introduced by third parties that impact device performance, and devices that communicate with unknown IP addresses that enable remote compromise.
Cyberattacks against healthcare providers have become very common, with the average HDO experiencing 43 attacks in the last 12 months. Unfortunately, many of these attacks have been successful, with 44% of HDOs suffering a third-party data breach in the past year alone.
High cost of doing nothing: For HDOs, today’s faulty landscape can be devastating. Cyberattack HDO costs an average of US$10.1 million per incident. Worse, cyber incidents are directly responsible for a 20% increase in patient mortality. Also, 64% of HDOs suffered from operational delays and 59% reported that their cybersecurity incidents resulted in longer patient hospital stays.
These financial and operational burdens are pushing many HDOs to the brink. In 2023, the average operating profit margin for hospitals will remain at 1.4%. More than 600 rural US hospitals are now at risk of closing, an environment where a small HDO could be devastated by one of his cyberattacks. work.
A bad device means bad results. HDO’s security and IT teams face a high-risk environment with 6.2 vulnerabilities in the average medical device. Adding to this challenge, more than 40% of his medical devices are nearing the end of their life and are poorly (or not) supported by their manufacturers.
Cybersecurity resources and personnel are limited. Even when device vulnerabilities are known, the HDO security team can only remediate 5-20% of known vulnerabilities each month.
Cyber insurance alone is no longer enough: With the surge in ransomware attacks and breaches in recent years, cyber liability insurers have introduced coverage limits and payout caps that are becoming less effective for HDOs. At the same time, cyber insurance fails to cover the costly reputational damage HDOs suffer post-breach.
The report concludes that adopting a holistic, risk-based approach is the most cost-effective and long-term effective way for HDO to protect critical systems and IoMT devices. .