Healthcare Industry gets 'B+' on Cybersecurity for 2024

Published On 2024-06-27 04:30 GMT   |   Update On 2024-06-27 12:14 GMT

New York: New research by SecurityScorecard highlights both the robust security and significant vulnerabilities facing the U.S. healthcare sector in 2024. Despite achieving an overall security rating of “B+” for the first half of the year, the industry is grappling with a critical vulnerability: supply chain cyber risk. The new report, “The Cyber Risk Landscape of the U.S. Healthcare Industry, 2024,” examines historical breach data and security ratings to provide insights for healthcare organizations to stop supply chain breaches.

In the wake of the Change Healthcare ransomware attacks, SecurityScorecard STRIKE threat analysts investigated the most critical risks faced by the 500 largest U.S. healthcare companies. Key findings underscored the sector’s solid security posture, with an average security score of 88. However, organizations holding a “B” rating were found to be 2.9 times more susceptible to data breaches compared to those with an “A” rating.

The report highlighted that healthcare leads among industries in third-party breaches, accounting for 35% of such incidents in 2023. The supplier ecosystem is a highly desirable target for ransomware groups. Attackers can infiltrate hundreds of organizations through a single vulnerability without being detected.

Medical device and equipment companies, in particular, faced heightened risks, scoring 2-3 points lower than the overall healthcare sample and reporting a 16% higher rate of breaches and compromised machines than those in other healthcare sectors.

Application security issues are among the most significant flaws in healthcare attack surfaces, with 48% of organizations scoring the lowest in this category. The software supply chain gives an attacker access to source code, build processes, pipeline tools, or software updates to carry the attack downstream to the supplier’s customers, which often implicitly trust the vendor and its systems.

Despite the escalating threat landscape, only 5% of healthcare organizations publicly reported breaches in the past year, with 6% detecting compromised machines on their networks in the past 30 days. Ransomware remains a top threat to the industry, as reflected in the public reporting on these attacks.

As a result of Change Healthcare costing some companies $1 million per day, corporate security executives are doubling down on efforts to bolster supplier oversight and cybersecurity measures. Every organization must scrutinize its data security practices, assess third- and fourth-party access to sensitive data, and identify critical vendors essential to revenue.

Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence, said, “One single point of failure, like Change Healthcare which underpinned medical claims processing, can cripple the entire healthcare ecosystem. And history will continue to repeat itself if the cybersecurity community does not actively monitor supply chain risk. Together, we must identify and address single points of failure.”

The study analyzed security ratings and historical breach data of the 500 largest publicly traded healthcare companies in the United States, providing a comprehensive overview of the sector’s cybersecurity landscape.
