In 2024, 259 million Americans, or 76% of the population, experienced the effects of health-related data breaches. Nearly 50% of cyber security professionals in the healthcare industry state that phishing attacks are the main culprit behind severe data breaches.
Healthcare data breaches cost an average of $408 per record, 3X higher than the cross-industry average of $148 per record, rendering these attacks not only digitally and physically disruptive, but financially devastating.
A newly published analysis of the 100 largest U.S. health system and hospital groups has revealed an alarming set of findings.
Seventy-nine percent of the studied hospital and health systems received a score of ‘D’ or worse on their cyber security. Even more concerning is that sixty-five percent of the evaluated organizations recently experienced data breaches. Beyond that, 30% reportedly retain outstanding critical security vulnerabilities.
Implications:
Health systems and hospitals are not adequately addressing cyber risks. Whether that’s because these organizations are under-staffed, under-resourced, overwhelmed or a combination thereof, there is more work to be done.
The consequences of failing to take sufficient action include, but are not limited to, the following:
- Elevated mortality rates. Cyber attacks targeting U.S. hospitals have heightened mortality rates. According to one study, 59% of respondents reported that attacks increased the length of patients’ hospital stays.
- Breach costs. Cyber attacks can lead to immediate disruptions in payments. In both the short and the long term, attacks can threaten the financial solvency of healthcare organizations. In 2024, the average breach cost for hospitals was $9.77 million.
- Insurance challenges. As cyber attacks increase, health provider groups will continue to see rising insurance premiums. In 2023, insurance premiums increased at twice the pace of hospital prices.
- HIPAA violations. HIPAA violations can lead to criminal charges, and fines may be issued in amounts of up to $25,000 per violation category, per calendar year. Penalties are subject to adjustments due to inflation.
Technical Details:
The research cited earlier identified several critical technical issues for health systems and hospitals:
- SSL/TLS Configuration Issues: Every analyzed U.S. healthcare organization had SSL/TLS configuration problems, potentially exposing sensitive data to interception and man-in-the-middle attacks.
- System Hosting Challenges: The majority of organizations face significant system hosting vulnerabilities. One hundred percent of organizations in Florida experienced system hosting issues, followed by North Carolina (86%) and Texas (85%).
- Credential Theft: Seventy-seven percent of analyzed organizations have experienced credential theft, highlighting serious email and password security concerns.
Email security and password security are therefore key areas to address.
How Harmony Email & Collaboration Can Help:
Harmony Email & Collaboration offers healthcare providers a comprehensive security solution specifically designed to address the aforementioned vulnerabilities.
With end-to-end encryption, advanced threat detection, and simplified compliance tools for HIPAA requirements, Harmony helps healthcare organizations protect patient data while maintaining operational efficiency.
Harmony Email & Collaboration includes features specifically designed to address the credential theft issues affecting over three quarters of major healthcare systems.
Talk to a representative today, get a demo, and learn more about how Check Point can provide comprehensive cyber security protection for your organization.