A February 2024 cyberattack on Change Healthcare, which accounts for nearly 40% of all medical claims processed each year, resulted in a huge backlog of unpaid claims affecting 95% of all hospitals. Besides the business disruption, this cyberattack has cost the health insurance company over $872 million, with projections approaching $1 billion. This unprecedented level of security breach affects nearly ⅓ of all Americans’ health records. And this will not be the last organization to be attacked.
The healthcare industry reported 24 data breaches in February this year, which compromised 10,000 records. Per 2023 statistics, healthcare organizations were the target of over 700 cyberattacks. Besides the increased frequency of attacks, the average cost of cyberattacks is also higher in the healthcare domain. While the average cost across all industries of a successful data breach is $4.45 million, the average cost in the healthcare industry is more than double at $10.93 million.
What makes cybersecurity even more essential in the healthcare domain is the advent of AI (artificial intelligence). According to Onix’s Director of Healthcare Ron Rerko, “cybercriminals are being encouraged to attack healthcare organizations because of their vulnerability and are using AI to their advantage”.
Cybersecurity in the Healthcare Industry – Our Perspective
As an industry-recognized cloud management service provider, Onix considers cybersecurity a required business investment.
The latest statistics on cybersecurity are alarming in the healthcare industry. According to the HIPAA Journal, data breaches in this industry have been increasing since 2021. Here’s a snapshot to support our position of cybersecurity being critical to your work:
- 46 million patient records exposed in 2021
- 52 million patient records exposed in 2022
- 133 million patient records exposed in 2023 – including 26 breaches impacting 1 million records, and 4 breaches impacting 8 million records.
What’s more remarkable is that 80% of these breaches are linked to a cyberattack. Why is it important that healthcare organizations address this concern now? Here are some of the significant business risks posed by cyberattacks on healthcare organizations:
- Huge Financial Impact
According to the American Hospital Association (AHA), a successful attack impacts the cash flow in 80% of the hospitals. 60% have reported a revenue loss of $1 million each day. Besides these direct costs, healthcare companies suffer indirect costs in the form of heavy penalties for violating HIPAA regulations. - Business Operational Impact
Attacking healthcare systems and applications leads to the suspension of business and clinical services or high system downtimes. This can have a profound operational impact on the delivery of patient care and treatments. - Executive Impact
Following a 2020 cyberattack, the U.S. SEC charged SolarWinds’ CISO Timothy Brown with fraud related to the company’s cybersecurity practices. For C-level executives in the healthcare industry, a successful cyberattack has the potential for serious personal business and financial impact. - Reputational Impact
By the nature of their business, healthcare organizations function best when they are trusted by patients and family members. A cyberattack can directly lead to a loss of a patient’s trust in a hospital and a resulting decline in the hospital’s reputation. - Shareholder Impact
A 2023 Cyber Resilience report revealed that a successful cyberattack results in a 9% decrease in the shareholder’s value. Among the short-term impacts, public-listed companies can suffer a decline of 7.5% in their share value following a data breach.
By leveraging AI technology, cybercriminals are creating new and more sophisticated forms of attacks. AI-enabled malware can easily avoid security controls and locate vulnerabilities in healthcare systems. As Ron points out, “Cybercriminals are using AI to your disadvantage.”
However, with the appropriate and comprehensive use of AI, healthcare organizations can identify security-related vulnerabilities and then provide mechanisms to eliminate them. Let’s see how.
How AI Can Deliver the Next Level of Cybersecurity
AI technology can play a critical role in countering the growing complexity and sophistication of cyberattacks in the healthcare industry. Here are some of the major differentiators with the application of AI in healthcare cybersecurity:
- Threat intelligence
AI-powered threat intelligence can automate various cybersecurity processes in the healthcare domain. For instance, using natural language processing and machine learning algorithms, AI systems can better detect “suspicious” behavior in potential phishing emails and cybersecurity reports. - Zero trust security
Based on the user’s location, device, and behavior patterns, secure enterprise browser platforms can provide insights to allow or deny any user the right to access healthcare systems. This aligns with the need for zero trust security, which can save cybersecurity expenses.
- Security-related vulnerabilities
With AI and machine learning technology, cybersecurity teams can now analyze millions of security events and detect various types of online threats. For instance, AI-powered security systems can ensure faster response to incidents, and analyze the “root cause” of security vulnerabilities to prevent future incidents.
- Event-driven remediation
Through event-driven remediation, AI-powered security systems can automate incident response, thus reducing both time and human intervention. For instance, AI systems can automatically perform actions like blocking any malicious IP address or isolating compromised systems from the rest of the infrastructure.
- SecOps implementation
AI-powered SecOps (or security operations) platform can leverage AI’s threat intelligence to identify potential attacks or threats. With this platform, security professionals can monitor real-time security events using the flow of network traffic and logs from different systems.
- Managed services
AI technology is transforming healthcare cloud managed services through personalized and scalable solutions. Among the benefits, AI in managed services reduces operating costs by minimizing errors and the company’s reliance on a larger cybersecurity team.
How Onix’s Security Solutions Can Deliver Value
At Onix, we understand the critical importance of technologies like the Cloud and AI in securing healthcare organizations and delivering the best patient care. With our security-first approach, we have a range of security solutions to help identify, mitigate, and manage cybersecurity risks.
To learn more about our Healthcare and Life Sciences Cloud Security solutions, please contact us to register for an upcoming workshop:
- Security Posture Workshop with Google Security Command Center
- SecOps Workshop with Google Chronicle
- Zero Trust Workshop with Google Chrome Enterprise Premium
And please contact Onix Healthcare to learn more about the immense potential of GenAI in Healthcare. Onix offers our “Art of the Possible” workshop, where you hear more about the fundamentals of AI from our experts and use cases that are being implemented in healthcare today.