Dive Brief:
- Most healthcare organizations have faced significant financial, operational and clinical consequences from cyber threats in the past two years, according to a survey published this week by Ernst & Young and Klas Research.
- More than 70% reported moderate to severe financial impact from an incident in the past two years, according to the report by the health IT researcher and the consultancy.
- Additionally, 60% said they faced significant operational impacts, while 59% cited clinical challenges, like delayed treatments or compromised patient trust.
Dive Insight:
Cybersecurity has become a major concern for healthcare organizations, as attacks and data breaches can cause significant patient care disruptions and cost millions in recovery expenses.
Healthcare organizations are facing frequent threats, according to the EY and Klas report, which surveyed 100 executives responsible for cybersecurity decisions.
Leaders reported they had experienced an average of five different types of threats in the past year, most commonly phishing — where attackers attempt to deceive workers into divulging sensitive information — and breaches at third-party vendors.
Investing in cybersecurity is key, executives said. More than 80% said prioritizing cyber preparedness in an organization’s business strategy is effective at helping them overcome mounting threats.
But finding funds for cybersecurity isn’t always easy, according to the report. Nearly two-thirds of respondents said competing organizational priorities or tight budgets are top challenges to meeting cyber goals.
“While cyber executives say leadership support has improved, additional resources and backing are needed,” the report said. “Leaders said the challenge isn’t getting approval, but sustaining commitment when budgets tighten or priorities shift.”
Finding skilled staff to bolster cybersecurity at healthcare organizations is also difficult, according to the survey. Some executives said cyber roles could remain open for years as they search for qualified staff, pushing them to rely more heavily on contractors.
These professionals are in short supply generally, and all sectors now need access to cybersecurity experts. Healthcare could face a competitive landscape when other industries can afford to pay more, experts say.
Still, more than half of respondents said training and upskilling is an effective way to overcome cyber challenges.
Security at vendors is another particularly difficult challenge for healthcare organizations, which likely work with a number of third parties for products like medical records, revenue cycle management tools or digital health products.
Nearly 70% said they would increase investment in enforcing cybersecurity requirements in vendor contracts in the coming fiscal year, and more than half said they’d focus on regulatory concerns with third-party cybersecurity.
