2024 Outlook: Cybersecurity trends every health system leader should know.

The healthcare industry needs to be prepared for an anticipated increase in cyberattacks in 2024, with smaller healthcare providers becoming particularly vulnerable. In 2023, the US Department of Health and Human Services (HHS) Office for Civil Rights received 541 notifications of data breaches affecting over 500 individuals. These incidents prompted some healthcare providers to suspend elective procedures and staff access to IT applications, leading to disruptions in patient care. The financial costs of healthcare cybersecurity breaches also rose significantly in 2022, with an average cost of $10.1m per incident. Attacks on third-party vendors and the broader supply chain also increased. Healthcare organizations need to improve their cybersecurity posture by implementing “multi-layered” security strategies, conducting regular audits and building a culture of continuous improvement. Experts recommended focusing on fundamental security hygiene, including patching vulnerabilities and closely monitoring connected devices. In addition, healthcare organizations should collaborate with vendors to establish robust cybersecurity protocols. The regulatory landscape is also changing, with states proposing tighter cybersecurity regulations and the US HHS introducing a combination of voluntary goals and cybersecurity requirements that could come with payment hits and financial penalties for non-compliance. Experts predict that future regulations will focus on resilience rather than preventive controls, and will emphasize governance and executive involvement. Despite these developments, experts believe that a lack of funding remains a significant challenge for healthcare providers trying to improve their cybersecurity posture.