Globally, 78 percent of healthcare facilities were affected by cyber incidents last year. One in four cyber attacks on healthcare facilities in Germany has serious consequences for the health and safety of patients.
Three out of four healthcare facilities in Germany (73%) fell victim to cyber incidents last year. The respective IT systems were “only” affected in every second case. The majority of incidents (57%) affected cyber-physical systems (CPS) such as connected medical devices or building technology. This is the result of the Global Healthcare Cybersecurity Study 2023 by Claroty, a specialist in the security of the expanded Internet of Things (XIoT). A total of 1.100 professionals from the areas of cybersecurity, technology, IT and networks in healthcare facilities worldwide were surveyed for the report.
Outdated technology is a problem
“The healthcare industry faces many cybersecurity challenges: rapidly expanding attack surfaces, legacy technologies, budget constraints and a global shortage of cyber talent,” said Yaniv Vardi, CEO of Claroty. “Our study shows that the healthcare sector needs the full support of the cyber industry and regulators to protect medical devices from growing threats and thus ensure patient safety.” The report highlights the experiences of security managers with cybersecurity incidents last year, the current status of their security efforts and their future priorities.
The main results:
- 78 percent of those surveyed recorded at least one cybersecurity incident in the last year (Germany 73%).
- Sensitive data such as protected health information (PHI) was affected in 30 percent of cases worldwide (Germany: 23%).
- Sixty percent of incidents worldwide had a moderate or significant impact on patient care, and another 60 percent had a serious impact that threatened patient health and safety. In Germany, although the moderate to significant impacts are significantly lower at 15 percent, the number of incidents with serious impacts is significantly higher (33%).
- 20 percent of the institutions affected by ransomware in Germany paid the required ransom (26 percent worldwide).
- Worldwide, legislative measures are primarily driving cybersecurity in the healthcare sector: 44 percent of those surveyed see them as having the greatest external influence on their own cybersecurity strategy.
- Security managers worldwide are most oriented towards the NIST Cybersecurity Framework (38%, in Germany 30%). While the HITRUST Cybersecurity Framework is also important globally at 38 percent, it plays a rather minor role in Germany (17 percent). Here, a third (33%) rely primarily on the CISA CPGs.
Too few skilled workers in the cybersecurity sector
The study also shows that the shortage of cyber specialists remains one of the biggest challenges in the healthcare sector: every second institution (53%) in Germany is looking for new employees in the cybersecurity sector. 70 percent of those surveyed have difficulties recruiting suitable staff.
Go directly to the study at Claroty.com
About Claroty Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access - with significantly reduced total cost of ownership.