FRANKLIN, Tenn. – July 18, 2022 – Fortified Health Security, Healthcare’s Cybersecurity Partner®, today released the 2022 Mid-Year Horizon Report: The State of Cybersecurity in Healthcare. The report’s findings illustrate how healthcare providers, health plans and business associates must not let their guard down even though the number of reported cybersecurity breaches have leveled off after meteoric rises over the past several years. The report goes on to explore how a resilient and secure healthcare ecosystem can be achieved through the implementation of several best practices including encompassing incident response plans, penetration testing, MITRE ATT&CK®, and the continued adoption of emerging artificial intelligence (AI)/machine learning (ML) detection and response technologies.
The report leverages a comprehensive cross-section of information, expertise, and statistical analysis to highlight industry-wide trends, insights, and predictions. Horizon Reports have been published by Fortified Health Security since 2017 and are designed to help healthcare stakeholders navigate the exceedingly complex cybersecurity landscape by sharing best practices and actionable guidance.
Significant findings from the 2022 Mid-Year Horizon Report include:
- Malicious attacks ranked as the No. 1 cause of breaches for a sixth consecutive year, with the percentage of incidents pegged to hacking/IT incidents rising from 73% last year to 80% so far in 2022.
- There were 337 breaches impacting 500 or more records reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) in the first six months of 2022.
- Healthcare providers account for the most breaches (72%), followed by business associates (16%), and health plans (12%).
“The healthcare industry has made progress toward adopting a security-first mindset and protecting health information and technology assets. That’s the good news,” said Dan L. Dodson, CEO of Fortified Health Security. “The not-so-good news is that the threats facing healthcare continue to evolve, grow at a faster rate, and become more sophisticated – and it’s happening at time when our industry continues to face a severe human capital shortage. However, I remain optimistic that hospitals and health systems will meet these cybersecurity issues head-on as we see the continued implementation of encompassing incident response plans, penetration testing and a growing dependence on artificial intelligence/machine learning security technologies that will undoubtedly propel cybersecurity efforts.”
AI/ML and deep-learning technologies are transforming diagnoses and healthcare delivery. Likewise, advanced technologies that leverage AI/ML concepts are also transforming IT security services that can bring quicker threat detection and mitigation, increased productivity, and the ability to perform sophisticated tasks with fewer staff or extend the capabilities of junior security staff members. The many promising advantages these technologies bring will prove crucial to healthcare organizations confronting stiff competition for workers at a time when the healthcare industry faces a narrowing cybersecurity talent gap. According to the report:
- Organizations that leverage AI and automation can detect and contain breaches 27% quicker than those without.
- Organizations with no security AI/automation took an average of 239 days to identify a breach and another 85 days to contain it.
- Organizations with fully deployed security AI/automation needed 184 days to identify the breach and 63 days to contain — the difference between nearly 11 months to find and contain a breach versus 8.2 months with AI technology.
Earlier this year, Fortified Health Security released the 2022 Horizon Report – revealing how, as the industry continues to recover from the pandemic’s grasp, cybercriminals continued to relentlessly target and attack providers, health plans and their business associates. The report explored how federal and state regulatory agencies along with cyber insurance companies are taking notice of breaches and the increasing number of ransomware attacks in the healthcare industry, adopting comprehensive cybersecurity policies and procedures that increase compliance and mitigation costs.
Fortified Health Security’s 2022 Mid-Year Horizon Report builds on that guidance, while aiming to predict the short-term future of cybersecurity in healthcare. The full report is available for download here.
About Fortified Health Security
Fortified Health Security is Healthcare’s Cybersecurity Partner® – protecting patient data and reducing risk throughout the healthcare ecosystem. As a managed security service provider, Fortified works alongside healthcare organizations to build tailored programs designed to leverage their prior security investments and current processes while implementing new solutions that reduce risk and improve their security posture over time. Fortified’s high-touch engagements and customized recommendations maximize the value of investments and result in actionable information to help reduce the risk of cyber events. The company is 100% committed to creating a stronger healthcare landscape that benefits more clients, protects more patient data, and reduces risk.