The healthcare industry needs to be prepared for an anticipated increase in cyberattacks in 2024, with smaller healthcare providers becoming particularly vulnerable. In 2023, the US Department of Health and Human Services (HHS) Office for Civil Rights received 541 notifications of data breaches affecting over 500 individuals. These incidents prompted some healthcare providers to suspend elective procedures and staff access to IT applications, leading to disruptions in patient care. The financial costs of healthcare cybersecurity breaches also rose significantly in 2022, with an average cost of $10.1m per incident. Attacks on third-party vendors and the broader supply chain also increased.

Healthcare organizations need to improve their cybersecurity posture by implementing “multi-layered” security strategies, conducting regular audits and building a culture of continuous improvement. Experts recommend focusing on fundamental security hygiene, including patching vulnerabilities and closely monitoring connected devices. In addition, healthcare organizations should collaborate with vendors to establish robust cybersecurity protocols.

The regulatory landscape is also changing, with states proposing tighter cybersecurity regulations and the US HHS introducing a combination of voluntary goals and cybersecurity requirements that could come with payment hits and financial penalties for non-compliance. Experts predict that future regulations will focus on resilience rather than preventive controls, and will emphasize governance and executive involvement. Despite these developments, experts believe that a lack of funding remains a significant challenge for healthcare providers trying to improve their cybersecurity posture.
2024 Outlook: Cybersecurity trends every health system leader should know.