Healthcare groups stand to lose millions if not careful about cyberattacks
Close to half of healthcare organizations have experienced a cybersecurity incident or unsure if they have experienced one, reveals a recent study. The uncertainty resulted from the lack of proper forensics or data breach assessment.
The study, titled ‘Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World,’ was carried out by Frost & Sullivan and commissioned by Microsoft in May last year. It also discovered more than three-in-five healthcare organizations have delayed their digital transformation projects due to fear of cyberattacks.
According to study projections, large sized healthcare organizations in the Asia Pacific could stand to lose US$23.3 million in a cyberattack incident. In comparison, a mid-sized establishment would incur a loss of US$17,000. This is a stark difference of more than 300-fold difference. The study defined large-sized organizations as those with more than 500 employees while a mid-sized organization was on employing between 250 and 499 persons.
The cost of a cybersecurity breach manifests in direct and indirect ways. Direct losses are those financial in nature, which include loss of productivity, fines, remediation costs and more. Indirect losses pertain to the opportunity cost to the organization such as customer-loss and reputation damage.
Kenny Yeo, Industry Principle, Cyber Security, Frost & Sullivan, said: “With more and more healthcare organizations in Asia Pacific moving beyond digitization into transformation and rallying with innovation, building a strong foundation with security and compliance has become critical.” Thus, the incorporation of security and privacy into all aspects of digital interactions is no longer optional, rather, it should be mandatory especially in healthcare organizations as they handle sensitive and confidential information.
What causes the most damage
Of the many cyberattacks healthcare organizations could encounter, web defacement and data exfiltration would have the biggest impact on their operations and often result in significantly delayed recovery time.
Web defacement, while seemingly just an attack on the organization’s website, can lead to more serious consequences as these sites are increasingly being used to engage patients, make appointments and medicine top-up arrangements. As one could imagine such a scenario would make for poor patient perception of the organization.
Data exfiltration results in more direct and dire impacts on healthcare organizations. Just like physical criminals, cyber ones are always prowling and trying to infiltrate healthcare organizations’ systems to pilfer the information stored within. These include proprietary intellectual property and patients’ personally identifiable information, which fetch lucrative amounts of money in the black market.
Besides external threats, the study also uncovered that many healthcare organizations’ security posture is being undermined by archaic approaches to cybersecurity. For instance, almost half of study respondents viewed cybersecurity as a safeguard against cyberattacks. Instead, industry players should be looking at cybersecurity as a business differentiator and enabler for digital transformation.
Cybersecurity is also an afterthought to healthcare organizations as only 18 percent of those who had encountered cyberthreats considered building a cybersecurity strategy prior to initiating a digital transformation project. Some only thought about cybersecurity after the commencement of digital transformation or did not take cybersecurity into account at all. Sometimes there can be too much of a good thing, too, as complex security environments impede recovery time in case of a cyberattack.
Artificial Intelligence is the likely solution
The study had a silver lining though, as it revealed the increasing use of AI to improve medical professionals’ efficiency and workflow, and enhance clinical expertise at scale. On the same note, healthcare organizations are also utilizing AI to augment the security capabilities of their systems and strengthen their cybersecurity teams. The study revealed that 81 percent of healthcare organizations have either adopted or are considering an AI-based approach to enhance their cybersecurity strategy.
According to Keren Priyadarshini, regional business lead, Worldwide Health, Microsoft Asia.
“An AI-driven cybersecurity architecture can help healthcare organizations to increase the number of detections which would otherwise be missed while providing data signal interpretations and recommended actions for cybersecurity professionals. Such systems are particularly critical for healthcare organizations that are undergoing digital transformation journey as huge volumes of data in the cloud can be analyzed rapidly for security threats.”