Amid growing concerns over cybercrime, the U.S. healthcare sector remains a prime target for cybercriminals. New research from SecurityScorecard indicates that the U.S. healthcare sector has achieved a “B+” cybersecurity rating for the first half of 2024. However, the report “The Cyber Risk Landscape of the U.S. Healthcare Industry, 2024” also highlights a significant supply chain cyber risk.
The study by SecurityScorecard’s STRIKE threat analysts examines data breaches and security ratings among the 500 largest U.S. healthcare companies. The findings reveal that while the average security score is a respectable 88, organizations with a B rating are nearly three times more likely to suffer data breaches than those with an A rating.
The report identifies healthcare as the sector most affected by third-party breaches, with 35% of such incidents affecting the industry in 2023. Ransomware groups frequently target the supplier ecosystem, exploiting single vulnerabilities to penetrate numerous organizations undetected. Medical device companies are particularly at risk, scoring 2-3 points lower than the healthcare average and experiencing a 16% higher rate of breaches.
Healthcare Industry Cybersecurity
Application security issues pose the most significant threat, with 48% of healthcare organizations receiving the lowest scores in this category. Vulnerabilities in the software supply chain allow attackers to access source code and other critical systems, thereby compromising the trust between suppliers and their clients.
Despite these threats, only 5% of healthcare organizations reported breaches in the past year, and 6% detected compromised machines within the past 30 days. However, the persistent ransomware threat has led to increased efforts to bolster supplier oversight and cybersecurity measures.
“One single point of failure, like Change Healthcare, which underpinned medical claims processing, can cripple the entire healthcare ecosystem,” said Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard. “History will continue to repeat itself if the cybersecurity community does not actively monitor supply chain risk. Together, we must identify and address single points of failure.”
UnitedHealth says the Change Healthcare cyberattack cost it $872 million.
Source: Healthcare Industry Gets a ‘B+’ on Cybersecurity for 2024.