
The Alarming Increase in Healthcare Data Breaches: Protecting Patients & Your Bottom Line

August 2, 2024

Can you imagine an entire hospital system being shut down by digital intruders? Critical medical systems are knocked offline, grinding providers’ work to a halt and potentially putting lives at risk.

The sad truth is that, in recent years, the healthcare industry has suffered from an alarming uptick in cybersecurity threats and successful breaches, more so than any other industry. Healthcare organizations are increasingly using sophisticated digital systems to store, manage and secure sensitive patient and financial information. While these systems improve the delivery of healthcare, they are also a massive target for cybercriminals. As a result, the risks to healthcare operations and patient privacy have never been greater.

At the same time, the growing sophistication of ransomware, which has become a preferred tool for cybercriminals targeting healthcare providers, is contributing to the increase in breaches and attacks. According to a report by Definitive Healthcare, a leading provider of healthcare intelligence, the number of healthcare data breaches continues to increase each year, growing from 329 reported breaches in 2016 to an astounding 739 breaches in 2023. That’s more than two healthcare breaches every day, with an average cost of nearly $11M in 2023, according to a report from Ponemon Institute and IBM.

While the financial impact is immense, the direct impact on clinicians and patients is even greater. When healthcare organizations are targeted by cyberattacks, the focus turns quickly to restoring systems and securing data, which takes energy and resources away from direct patient care. This shift in attention can be significantly detrimental to patients: healthcare providers are left to rely on manual record-keeping methods, which are both more time-consuming and susceptible to errors, and in some instances treatment and diagnosis are delayed, contributing to worsening outcomes.

Patients, who are already feeling vulnerable, expect their healthcare providers to protect their personal information, and when breaches occur, that trust is diminished. In an industry where trust is mission-critical, maintaining strong cybersecurity is not only a technical requirement but also a fundamental aspect of patient care. Comprehensive crisis response planning is essential to help minimize the reputational damage caused by breaches and to help quickly reestablish trust across constituents.

It’s clear that healthcare organizations must adopt a proactive approach to cybersecurity. This starts with implementing advanced security technologies and is bolstered by fostering a culture of awareness and preparedness among staff. Regular training on cybersecurity best practices and simulated breach scenarios can help ensure that all employees are equipped to respond effectively in the event of an attack.

Communications is also key to cybersecurity preparedness. Organizations should ensure that their communications team has a seat at the table in all cybersecurity discussions. Effective communication isn’t just crucial for responding to an attack—both internally and externally—but also for preparing the organization before an incident occurs. This includes developing clear internal communication protocols and regularly updating employees about new and evolving threats.

Healthcare providers should also have an incident response plan at the ready. These plans should outline clear procedures for detecting, responding to, and recovering from cyberattacks. They should also include detailed communication strategies for various scenarios, ensuring that all stakeholders—from patients to staff to partners and the community—receive timely and appropriate information.

External experts with depth in healthcare and technology and experience in addressing cybersecurity breaches can help healthcare organizations build a plan with communication strategies based on a variety of different cyberattack scenarios. They can also offer crisis simulation training to prepare teams for real-world cyber incidents. Additionally, they can provide guidance on how to effectively communicate with stakeholders during and after a breach.

The reality is that cyberthreats are not going away anytime soon. In fact, they are only getting worse. However, with the help of skilled communications experts, healthcare organizations can create a culture of preparedness that better protects their teams, their patients, and their reputations in the face of rising threats.

Originally published on O’Dwyer’s on August 2. 

POSTED BY: Jeff Seedman
