Friday, December 27, 2024

Reports indicate that cybersecurity leaders are still unsure about recovering from an attack

More than half of healthcare organizations that responded to Travelers’ recent cross-industry cybersecurity survey said they did not have a dedicated team to deal with a data breach, and even more said they did not use endpoint detection and response tools.

Meanwhile, chief information security officers across the country told Deloitte and the National Association of State Chief Information Officers in a recent survey that threats, exacerbated by the emergence of artificial intelligence technologies, are high and that they are unsure whether their teams are well-prepared to deal with them.

WHY IT’S IMPORTANT

Among state CISOs from all 50 states and the District of Columbia, 86% said artificial intelligence, uncertain budgets, cyber threats and staff changes have increased their data protection responsibilities, according to a Monday announcement from Deloitte.

The Deloitte-NASCIO Cybersecurity Study 2024 also found that more than one-third of state CISOs reported no dedicated cybersecurity budget.

The vast majority (71%) also said the threat level posed by AI is “high,” and 41% said they were unsure whether their teams could handle all the cybersecurity threats they face.

However, state CISOs reported an increase in the number of skilled workers since the previous biennial cybersecurity survey.

“The good news is that many state CISOs have been able to increase staffing by adding specialists to their teams who focus on cybersecurity issues,” Meredith Ward, NASCIO deputy executive director and co-author of the new report, wrote in the statement.

Travelers said its Risk Index 2024 also revealed an unprecedented level of concern about cybersecurity threats, even as participating healthcare organizations fail to maintain some critical cybersecurity controls.

As part of the survey, Hart Research contacted more than 1,200 U.S. companies (368 small, 500 midsize and 334 large) this summer to ask about their top challenges. The analysis included the opinions of leaders of 100 companies from the health care sector.

Of all respondents, 36% experienced a security breach, 27% were victims of extortion/ransomware, 27% had information/systems compromised by employees, 26% had a system glitch, and 25% had employees who were defrauded and transferred funds to a fraudulent account, according to the report.

Healthcare respondents in the Travelers report indicated that their top cybersecurity concern was unauthorized access to financial accounts, followed by system glitches or breaches related to remote work, and the third concern was hackers.

Although 82% of healthcare organizations said they believe they have adequate cybersecurity controls in place, 44% do not use multi-factor authentication for remote access (a failure that led to the takedown of Change Healthcare and a failure of nationwide claims payment systems) and 44% do not have an incident response plan.

There are also many cyber maturity gaps, with 55% of healthcare respondents saying they do not have a post-breach team in place and 60% not using endpoint detection and response tools.

While some healthcare organizations reported taking steps such as implementing data and infrastructure backups (80%) and a firewall (72%), conducting employee background checks (72%) and requiring password changes (70%), according to the Travelers Risk Index 2024, they may be missing some technologies that could better protect patient data.

A BIGGER TREND

Attack surfaces are expanding as rapidly as emerging threats, and data is at the heart of operations in both government and business.

While state CISOs’ budget concerns have returned in full force in 2024, Deloitte said AI-based threats were the second most concerning form of cyber threat, behind third-party security breaches, and outweighed concerns about malware and ransomware.

While health care has been recognized as underprepared for cyber threats, in December the U.S. Health and Human Services 405(d) program focused on how cyber insurance can help organizations recover from an incident and maintain their care delivery operations. Two guides, regarding small organizations and medium and large organizations, discuss implementing cyber insurance best practices.

Last year, John Menefee, cyber risk product manager at Travelers Bond and Specialty Insurance, said that despite the increase in attacks, insurance opportunities were not going away.

He said cyber insurers have a better understanding than ever before of how health care cyberattacks occur and can help protect health care organizations from attack by threat actors.

ON THE RECORD

More and more CISOs are committed to ensuring staffing levels commensurate with the scope of the cyber threat, according to the latest NASCIO report, and the same is true for executives and security leaders in healthcare organizations.

“In 2020, 16% of CISOs had fewer than five employees engaged in cybersecurity initiatives,” Ward said in a statement. “Today, that number has dropped to just 4%. Our research shows that these leaders are not only growing their teams, but are determined to find original solutions to protect their organizations and society.”
