Healthcare Cybersecurity. PHOTO: Cybercrime Magazine.

Healthcare Industry To Spend $65 Billion On Cybersecurity From 2017 To 2021

Hospitals are faced with more sophisticated cyber attacks, phishing scams launched on employees

The 2020 Healthcare Cybersecurity Report is sponsored by Herjavec Group, a leading global cybersecurity advisory firm and Managed Security Services Provider (MSSP) with offices across the United States, Canada, and the United Kingdom. Download PDF version of the report.

Steve Morgan, Editor-in-Chief

Sausalito, Calif. – Dec. 10, 2019

Cybersecurity Ventures predicts that the healthcare industry will spend more than $65 billion cumulatively on cybersecurity products and services over the five year period from 2017 to 2021.

What’s driving this astronomical investment into cyber defense? Cyber offense. Namely, a vast number of wide-ranging hacks and data breaches launched on the healthcare space.

The Wall Street Journal reports that cyberattacks on healthcare providers and hospitals have intensified to the point where some doctors are turning away patients.

But wait, it gets worse.

Some healthcare centers have turned off the lights and pulled the plug on their operations altogether. Apparently they couldn’t handle the post-attack disruption to their operations.

A medical clinic in Simi Valley, Calif. recently shut its doors after being infected by a ransomware attack. An ear, nose and throat (ENT) and hearing center in Battle Creek, Mich. closed after a data hack wiped out all of its files.

“When it comes down to it, at any healthcare organization C-Suite executives are worried about the same thing,” says Robert Herjavec, founder and CEO of Herjavec Group, a leading global cybersecurity firm and Managed Security Services Provider (MSSP). “Balancing a security budget, and lack of security personnel in an increasingly sophisticated and broad attack surface.”

IoT insecurity.

Kathy Hughes, CISO (chief information security officer) at Northwell Health, one of the nation’s largest healthcare systems, told Cybercrime Magazine that IoT (Internet of Things) devices are, in her opinion, computers with operating systems (OS), similar to other types of computers — and those devices are susceptible to the same cyber threats. She added that IoT devices have a small OS and that security is a bolt-on rather than built-in.

Inside jobs.

The insider threat is the number one security challenge for hospitals, according to Hughes, who is responsible for protecting 68,000 employees, which makes Northwell, a non-profit, New York state’s largest private employer.

More than half of insider fraud incidents within the healthcare sector involve the theft of customer data, according to CMU SEI (Carnegie Mellon University Software Engineering Institute).

Healthcare Cybersecurity Statistics

To sum up the state of cybersecurity in the healthcare industry, the editors at Cybercrime Magazine have compiled the following data points:

Fake tumors?

The scariest of all cyber malintent in the healthcare space may lie ahead.

Earlier this year, researchers in Israel announced that they’d created a computer virus capable of adding tumors into CT and MRI scans — malware designed to fool doctors into misdiagnosing high-profile patients, according to a story by Kim Zetter in The Washington Post.

Saving lives.

“Healthcare is one of our fastest-growing verticals,” says Herjavec.

“The fundamental difference between healthcare and other industries,” he adds, “is that it’s not just about money. It’s about lives.”

Herjavec has been warning about ransomware attacks on hospitals and healthcare providers for more than three years.

Healthcare provider boards and C-suite executives need to take cyber threats as seriously as Herjavec does. Nobody wants a patient death to be a wake-up call for cybersecurity.

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.

Our Sponsor

At Herjavec Group, cybersecurity is what we do. Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. We have expertise in comprehensive security services including Managed Security Services & Professional Services (Advisory Services, Identity Services, Technology Implementation, Threat Management & Incident Response). Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.