According to various reports, healthcare organizations are among the most targeted by cybercriminals. In 2023, the FBI’s Internet Crime Complaint Center (IC3) received 1,193 complaints from organizations belonging to a critical infrastructure sector that were affected by a ransomware attack. The healthcare industry was the worst hit, with 249 attacks.

Despite handling sensitive patient data, healthcare organizations still need proper cybersecurity measures, the latest data shows. A HIPAA Journal analysis shows that in 2023 the number of breached records in the healthcare sector increased by 156% from 2022, to 133 million. In 2023, an average of 373,788 healthcare records were breached every day.

Meanwhile, the Cybernews Business Digital Index reveals that 45% of analyzed* healthcare companies worldwide scored an “F” for their cybersecurity efforts.

Healthcare organizations are running behind
The sensitive nature of patient data attracts cybercriminals’ attention. While you might assume that healthcare organizations would treat their customers’ information with extra care, most are short on cybersecurity budgets and do not apply good data protection practices.
According to the Business Digital Index, which grades businesses based on their online security measures, 45% of analyzed healthcare companies worldwide scored F, and 23% got a barely passing grade of D. Only 3% of healthcare organizations were worthy of an A rating for their security measures.
It does not get much better with the other ratings, either: 4% of healthcare companies were rated B, and 24% were rated C. Just two companies received the best rating of 97 points out of 100. However, the average score of all analyzed companies was just 71.

Most common security issues
The Business Digital Index shows that the most common security issue is related to Secure Sockets Layer (SSL) configuration, with over 6,000 issues found in 201 healthcare businesses. In addition, these organizations lost over 21K corporate credentials.
Protecting corporate and client information is more challenging when around a third (30%) of employees reuse breached passwords. In addition, the index found over 700 critical and high-risk vulnerabilities in healthcare company websites.
Just this year, UnitedHealth’s Change Healthcare platform suffered a data breach affecting over 100 million Americans. Hackers deployed ransomware to disrupt operations and exfiltrate sensitive information. This was the largest-ever healthcare data breach in the US and laid bare the crucial nature of cybersecurity in this industry.
On a more positive note, only a fifth (18%) of healthcare companies have potentially spoofable domains. However, 55% of organizations should work on improving their cloud-hosting systems, as they are currently low-level.
*Results from analysis of 1,182 financial and healthcare companies worldwide.
