Healthcare CISOs Need Government Support to Manage Increased Cyber Threats

The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) have conducted a new survey of their Chief Information Security Officer (CISO) members. The results show the effect of cybersecurity incidents on the healthcare sector and the need for government assistance to address the threats.

Cybercriminals have been targeting the healthcare sector for some time, but attacks surged throughout the pandemic. 67% of survey respondents stated their company had encountered a security event in the last 12 months, with nearly half stating they had suffered a phishing attack. The most often used security exploits in cyberattacks are malware, ransomware, phishing and business email compromise (BEC) attacks, hacking, and insider threats.

Cyberattacks can cause patient safety concerns. One new study reveals that mortality rates, medical issues and the length of hospital stays increase after a ransomware attack. The survey confirmed the effect on patient safety: 15% of survey respondents reported a patient safety problem following a cyberattack, and 10% stated they were compelled to redirect patients to other hospitals after an attack.

More attacks mean greater costs. Over 80% of surveyed CISOs claimed increased costs connected with cyberattacks last year. 20% of survey respondents mentioned a 50% increase in costs in the past year. One in six reported doubled costs. Aside from remediation costs, the cost of cyber insurance policies also increased because of the greater threat of cyberattacks.

The situation is likely to worsen, as there are a number of rising threats of major concern, such as the surge in IoT and other connected devices, growing remote staffing, supply chain risks, API security problems, and risks connected with third-party consumer health applications.

Cybersecurity funding has always been a problem in healthcare, but the higher costs have worsened the situation and many CISOs are struggling.

The survey revealed that healthcare companies need additional help addressing the growing threat of attacks. Congress is looking at various ways to enhance protection against cyberattacks for critical infrastructure, including healthcare. However, CHIME and AEHIS state that healthcare is usually left out, although it is one of the most attacked and most vulnerable critical infrastructure sectors.

40% of respondents stated that they need assistance such as grants or other government support to boost cybersecurity. One-third stated that they need the guidance and expertise of cyber professionals at regional extension centers, and 16.7% stated they would benefit from closer relationships with government authorities like CISA and the FBI.

52% of survey respondents stated they had registered with an Information Sharing and Analysis Organization (ISAO) or Information Sharing & Analysis Center (ISAC). However, additional guidance is required, as 10% of respondents stated they were uncertain when it was appropriate to disclose threat details. When assistance is given, it must be communicated more effectively. For example, 45% of respondents stated they were unaware of the 405(d) recommendations that the HHS published.

Based on this survey, it is obvious that healthcare companies will need a number of tools to deal with the risks to the provision of patient care. More resources, training, and ongoing assistance for the healthcare sector are necessary.