Healthcare Is Experiencing a Cybersecurity Emergency

Hospitals are seeking creative ways to fund technology and cybersecurity protection measures amid a perfect storm of operational challenges that affect quality of care. These include:

  1. Rising Costs: Hospitals are likely to face continued pressure from rising costs, such as labor costs, supply costs and healthcare technology investments. Costs related to regulatory compliance, legal fees and malpractice insurance may also increase.  Healthcare costs rose 5% in 2022 and are expected to rise another 6% in 2023.
  2. Declining Reimbursements: Reimbursements from government and private insurance payers are declining, which can lead to revenue shortfalls for hospitals. Reimbursements may be tied to performance metrics or bundled payment models, which may require hospitals to improve care quality and reduce costs. The American Hospital Association estimates that 33% of hospitals are operating at a loss.  
  3. Mergers and Acquisitions: According to Forbes, after what was considered a lower volume of healthcare M&A activity in 2022, “global issues, such as the ongoing labor shortage, supply chain disruptions, geopolitical turmoil and fluctuating inflation concerns, may spur an increase in the number of healthcare industry M&A transactions” in 2023. The first quarter of 2023 seems to be off to a strong start according to most analysts, and cybersecurity leaders should continue to be prepared for challenges and risks managing cybersecurity risk during these transactions. These very same global issues noted by Forbes have a direct impact on cybersecurity risk and drive malicious actors to continue their attacks on the healthcare sector. 
  4. Labor Shortages: Healthcare workforce shortages may result in higher labor costs as hospitals compete for qualified staff. This can result in increased use of temporary staffing agencies and overtime pay for existing staff. Workforce and staffing issues were ranked as the number one concern of healthcare CEOs in the American College of Healthcare Executives 2022 annual survey. Hospital labor costs rose by more than one-third from pre-pandemic levels by the spring of 2022 according to a report from Kaufman Hall (labor costs account for more than 50% of hospitals’ total expenses).
  5. Cybersecurity risks: The pandemic required a quick pivot in technology to support telemedicine as well as additional options for employees to work remotely. Supply chains were disrupted, making it challenging to acquire necessary equipment and supplies. All of this led to major distractions and ultimately an increased attack surface allowing the adversary to target the healthcare industry. A 2022 Ponemon Institute report showed that 89% of the surveyed organizations had suffered a cyberattack in the prior 12 months, and the healthcare industry is one of the more heavily targeted industries.  

A Cybersecurity Emergency

So what do cybersecurity concerns mean to the healthcare industry? Many refer to it as a cybersecurity emergency where healthcare institutions, frequently with limited people and resources to respond, are seeing significant disruptions from eCrime groups and nation-state threat actors. Healthcare organizations across the world averaged 1,463 cyberattacks per week in 2022, up 74% from 2021, according to Check Point Research.

CrowdStrike has seen a major increase in unique and sophisticated techniques by adversaries in the last two years. The unrelenting and advanced barrage of cyberattacks against healthcare organizations is causing major financial damage as health systems struggle to mitigate the costs of data breaches. ThreatConnect researchers ​​found that small organizations (defined by the report as having a revenue of $500 million) face median ransomware losses of $15.2 million, with 30 percent of estimated operating income lost. Medium-sized organizations face median losses of $26.8 million with 15.36 percent of estimated operating income lost. Finally, large organizations face $101.2 million in losses according to the report, with just 4.92 percent of estimated operating income lost.

The IBM Cost of a Data Breach 2022 report stated the cost of a healthcare data breach hit $10 million USD, while news in 2022 included some healthcare organizations reporting breaches cost $100 million or more. Class action lawsuits will undoubtedly increase those costs when all is said and done. 

In 2022, CISA oversaw over 700 coordinated vulnerability disclosure cases and over 400 vulnerability advisories, and CISA added 557 new known exploited vulnerability (KEV) listings to its KEV catalog. Ransomware operators continue to evolve their techniques and weapons for increasing extortion pressure and maximizing their payday by targeting hypervisors within healthcare. Managed service provider and supply chain compromises also continue to be a significant threat. The impact of ransomware on healthcare is not only disruptive and costly but can also put lives at risk. Consequences include delayed tests and procedures resulting in poor outcomes, increased severity of illness and length of stay, and higher mortality rates.  

Even though there is significant financial pressure, healthcare leadership teams now more than ever see cybersecurity concerns as critical risks to the business. These risks require strategy and prioritization from the top and have now largely been incorporated into hospitals’ existing risk-management and governance programs as a cornerstone of the business-continuity framework. When a strong cybersecurity program is effectively mitigating risk to address the threats that healthcare is operating in, organizations are preventing negative impacts on clinical outcomes, minimizing costs and disruptions, and ultimately enabling high-quality care.

How CrowdStrike Can Help

The CrowdStrike Falcon® platform provides immediate time-to-value while eliminating complexity and simplifying deployment to drive down operational costs. CrowdStrike Falcon® Cloud Security defends organizations without compromising speed and performance to secure workloads and workforces anywhere at any time. 

We all know cybersecurity is more than technology — it also requires around-the-clock expertise and processes designed to move fast. CrowdStrike Falcon® Complete managed detection and response (MDR) brings focused expertise to stop threats through continuous vigilance and provides world-class threat hunters that are leveraging the power of the CrowdStrike Falcon platform With a 50% increase in interactive intrusions, as reported in the CrowdStrike 2023 Global Threat Report, staying ahead of threats is not a human-scale problem but one that demands the potent combination of machine learning and human expertise. 

According to the CrowdStrike 2023 Threat Hunting Report, adversaries are moving faster than ever. The average breakout time (time to achieve lateral movement) dropped to 79 minutes, and 7 minutes is the fastest eCrime breakout time observed. Given that it can be days, or even weeks or months, for healthcare organizations to respond to alerts with traditional technology strategies, Falcon Complete MDR is a great choice for organizations that wish to partner with CrowdStrike as an extension of their team. Falcon Complete surgically eliminates threats across endpoints, cloud workloads and identities, helping to fully resolve issues and allowing customers to stay ahead of threats. Falcon Complete delivers expert-driven protection with 24/7, worldwide operations that is backed by AIG, one of the most trusted names in cyber insurance. The Falcon Complete Breach Prevention Warranty covers the costs of a breach should one ever occur within a protected environment (see details here). In addition, in 2021, 59% of enterprise organizations reported having more than 30 different cybersecurity tools they are trying to manage. Falcon Complete frees up resources, consolidates tools, and allows your team more time and resources to prioritize critical vulnerabilities that put you at risk of breach.

Mergers and Acquisitions

During the healthcare M&A process, it is common for organizations to focus on integrating financials and technology. However, frequently there is a significant blind spot when it comes to securing the target healthcare entity throughout the transaction, and threat actors often see these transactions as opportunities to strike. At CrowdStrike, we offer a comprehensive solution to address these concerns. The CrowdStrike M&A Compromise Assessment provides a thorough examination to identify any active or past compromise activity that may indicate unauthorized access to or loss of personally identifiable information (PII) or intellectual property (IP) resulting from an undisclosed cyber breach.

This assessment ensures immediate visibility into active and past threats. We conduct full forensic analysis of cyber incidents and generate detailed reports of IT assets and vulnerabilities — and Falcon Complete provides 24/7 threat hunting to detect and prevent breach attempts throughout the M&A transaction. Safeguard your acquisition investment and ensure the security of your organization’s assets during the entire M&A process.

At CrowdStrike, our mission is to stop breaches so our healthcare customers can continue to innovate and save lives. We focus on delivering the platform, technology and intelligence needed to keep you ahead of the adversary. This is why we’ve unified and delivered critical protections like endpoint and extended detection and response, identity threat protection, cloud security, vulnerability and risk management, threat intelligence and much more — all from a single platform.

Learn more about how CrowdStrike can help healthcare organizations by visiting our website: 

Additional Resources

Related Content