Cybersecurity in healthcare: Even in 2023, the cyber incidents that have affected our country have not stopped. Nowadays, network security is a topic on the agenda for companies of every sector and size. As highlighted by recent data from the Cybersecurity & Data Observatory of the Polytechnic University of Milan, in 2022, there were an average of 207 malicious attacks per month in Italy. In the “cybercrime” category, i.e. with the aim of extortion in all its forms, they account for as much as 82% of total serious violations, a phenomenon that tells itself in just two numbers.

The Observatory states that, in 2022, for the second consecutive year, there was a strong growth of organizations towards increasing budgets for IT security solutions, indicating a better sensitivity on the topic, particularly on the consequences that an attack can cause for the business. On an international level, Clusit recalls how Italy sees a slightly growing relationship between cybersecurity spending and GDP after the increase in investments driven by the PNRR. We are close to 0.10% in a panorama with a ratio of 0.31% for the countries in the first tier, the United States and the United Kingdom.

A scenario in the process of being defined

The events marked the last two years have done nothing but exacerbate an area of security already put to the test by the pandemic. Various factors increase exposure to cyber risks. Among these are the strategic company supply chain, exposure to the current geopolitical context and possession of sensitive and precious data. In recent years, the healthcare sector has undergone a profound transformation. The pandemic has forced companies to identify new digital-first methods to serve their customers and to adopt tools capable of ensuring long-term operations in the face of other crises.

A KPMG study found that 63% of healthcare companies are progressing on their digital transformation journey compared to 44% of other industries. This shift has led to the rise of telemedicine services and increased adoption of SaaS partners, IoT devices and digital infrastructures. As a result, the healthcare sector has found itself facing new, previously unknown risks and attacks.

Data to defend in the healthcare sector

KPMG highlights how, globally, healthcare organizations have seen an unprecedented increase in cyber-attack volume, +69% compared to a year ago. The challenge for 2023 is to understand how to adapt to a post-pandemic world that includes this new digital transformation, facing new threats that now target everyone. Therefore, balancing digital initiatives with cybersecurity becomes a diktat within a comprehensive risk management and resilience strategy. It is no coincidence that the funds allocated by the PNRR to healthcare also encourage us to move on, expanding the technological resources available without neglecting safety. Tools such as telemedicine for the management of chronic patients and the use of real-time monitoring tools are key innovations, the adoption of which must coincide with suitable protection measures for the IT perimeter of the reference companies and institutions.

The latest report, “The Cost and Impact on Patient Safety and Care” by the Ponemon Institute, paints an obvious picture. Ponemon interviewed more than 640 global healthcare IT professionals responsible for cybersecurity strategies and initiatives. According to the researchers, 89% of the organizations analyzed had to face at least one attack in the previous 12 months. However, the average is the most worrying figure: 43 intrusion attempts in 2022. Based on the responses, the report states that the average cost of dealing with a cyberattack was $4.4 million, including legal assistance and the loss of customers. Ponemon also identifies the four attacks that primarily affect the healthcare industry: cloud compromise, ransomware, supply chain and corporate email compromise. 75% of respondents say their organizations are vulnerable to a cloud compromise, and 54% say they have experienced at least one in the last two years.

However, in addition to being more vulnerable, these companies are also the best prepared to deal with particular breaches, with 63% deciding to take steps to be prepared and respond to cloud cyberattacks. Ransomware is the second most important vulnerability. 72% of respondents believe their organizations are vulnerable to a ransomware attack, and 60% say this is the type of attack they are most concerned about. Over the last few years, 62% have adopted measures to prevent and respond to ransomware to overcome this fragility. Poor preparation puts patients at risk. While 71% of respondents believe they are vulnerable to supply chain attacks and 64% feel the same about BEC and spoof phishing, only 44% and 48%, respectively, have a documented response to these types of intrusions.

Technologies to defend

Innovation in healthcare must also be governed, avoiding integration as an end in itself, which can bring more risks than benefits. For Ponemon, 64% of IT managers say they are concerned about the security of devices that use Internet of Medical Things (IoMT) connections in their centers, so much so that only 51% include such tools in their cybersecurity strategy. Then there is the issue of skills. 53% of survey participants declare that the lack of internal skills is a very complicated challenge to face, with 46% not having sufficient staff to manage cyber risk. Among the possible countermeasures, the monitoring of employees to avoid inattention or negligence comes to the fore. What countermeasures to adopt? Let’s take a look at the infographics.

As part of their security strategies, 60% of respondents say their organizations use threat intelligence. Threat intelligence tools aimed at ensuring healthcare security place primary emphasis on monitoring network traffic. Subsequently the use of firewalls and data scouting on the dark web. Social media also represent an essential source of monitoring, also for implementing preventive policies for the dissemination of data or information useful for perpetrating phishing campaigns.

It is clear that the healthcare sector still needs to consolidate clear cyber security guidelines in its processes. The consequences, according to the managers themselves, can still be disastrous. Ransomware can block hospital operations for days, slowing down operations and putting people’s lives at risk. The intrusion into connected devices causes even greater damage, directly linked to the safety of patients. Rethinking your defenses is therefore not an option but a necessity, in a hyper-connected and still extremely fragile world if not properly protected.