Demo Request
X Close Search

How can we assist?

Investing in Healthcare Cybersecurity in 2022

Investing in Healthcare Cybersecurity in 2022

As 2021 comes to an end, Healthcare IT leaders begin to prepare and discuss their organization’s investment plans for the upcoming year. As an industry, the increasing number of healthcare data breaches and cyberattacks have (1) highlighted the need for better patient, data, and supply chain protection and (2) proven that investing in cybersecurity is no longer an option. Healthcare leaders recognize that attacks are inevitable, so it’s not a matter of if they occur; it’s a matter of when, how frequently, and to what degree. Every healthcare delivery organization will eventually experience a cyber attack if they haven’t already. The onus is on them to determine how they manage the risk.

According to HIPAA Journal, the healthcare industry is a prime target for cybercriminals and experienced the most data breaches. With the internet buzzing about healthcare data breaches, “cybersecurity has become a dinner table conversation,” remarked Elizabeth Butwin Mann, EY Americas Life Sciences and Health Cybersecurity Leader. The 550 healthcare data breaches reported to HHS (as of November 2021) are eye-opening for many CISOs and CEOs. Healthcare cyberattacks have impacted more than 40 million people in 2020. An increasing number of cybersecurity and healthcare professionals are speaking out and sharing their investment considerations, cybersecurity knowledge, and predictions for 2022.

According to research in a recent Healthcare IT News article, “43% say funding is keeping their organizations from executing on security challenges they have.” Studies have shown that most hospitals are still responding to the pandemic, are short-staffed with minimal IT or cybersecurity, do not have the funds allocated for cybersecurity, and so forth. Experts are urging healthcare providers to recast their priorities and recognize the criticality of implementing cybersecurity, risk intelligence, unified training for staff, and proper management and protection of patient data.

Currently, healthcare’s biggest concern is digital risk. The funding priority is risk intelligence, as stated in the key findings of  Deloitte’s Third-party Risk Management (TPRM) Global Survey 2021. Nearly a third of hospitals and health systems are planning to implement biometrics (29%), digital forensics (28%), or penetration testing (28%) within the next 24 months, according to new HIMSS Media Research. Healthcare as a whole is anticipating that tumultuous data breaches and ransomware attacks will continue into 2022, requiring preparation through risk analysis, proactive remediation, and operational resiliency.

Healthcare IT News, part of HIMSS Media, recently explored investment opportunities in their feature series, Health IT Investment: The Next Five Years. This series interviewed five CIOS and one COO to understand their plans for the next five years and their targeted investments in the following categories: AI and machine learning; interoperability; telehealth, connected health, and remote patient monitoring; cybersecurity; electronic health records and population health; and emerging technology and other systems. These leading healthcare IT interviewees all agree that investing in healthcare cybersecurity is crucial in a successful health system, although costly. Here is what they had to say:

"We have spent a tremendous amount of money in the past two years hardening our defenses and filling gaps, so we are compliant with best practices."

-Mike Mistretta, Vice President, and CIO, Virginia Hospital Center

"Cybersecurity is an issue that needs ongoing attention.”

-Dr. Umberto Tachinardi, CIO, Regenstrief Institute

"There are so many different types of technology that are important for the cybersecurity platform."

-Cara Babachicos, Senior Vice President and CIO, South Shore Health

"The bad guys keep getting smarter every day," and “we need to continue to advance, but we believe basically next year will kind of be more of a sustained level…If the situation changes and becomes more aggressive, obviously, this is an area that we'll continue to invest in more. But we believe we'll get to a stable level by the end of next year."

-B.J. Moore, CIO, Providence

“These investments are readily agreed upon by members of senior leadership, given the consistent reporting of breaches, hacks and ransomware throughout healthcare and other industries,” and “the potential impact upon operations, patient privacy as well as the reputational harm that may arise from such malicious events, requires constant attention as well as never-ending strategy and investment.”

-Michael Restuccia, Senior Vice President and CIO, Penn Medicine

"Some of the investments will go toward full network visibility, AI-based behavior analysis and connected medical devices, both in our facilities and in patients' homes,” Hocks noted. "Our team has intentionally and thoughtfully engaged leadership across the organization on cybersecurity awareness and education, which has pivoted the conversation from a 'sell' to a 'risk-based decision' and included deep involvement and support from our clinical operations.”

-Matt Hocks, COO, Stanford Health

For more 2022 cybersecurity predictions from additional industry leaders, check out Health IT Security’s recent article.

The battle of cybersecurity in healthcare is far from over. The health sector has experienced increasing cyberattacks, higher adoption of advanced cybersecurity solutions, rising security, and privacy concerns, disrupted patient care, outrageous fines, and in some cases, tarnished reputations. According to research from Forbes, “the number of cyberattacks continues to increase (up 31% in 2021 over 2020), and companies are worrying more about indirect attacks – successful breaches to the organization through the supply chain– which have increased from 44% to 61%.” Forbes also discloses that 82% of its survey respondents reported that they have increased security funding and that investing in cybersecurity is, in fact, essential.

Over the last few weeks, many of us have been heads down frantically responding to the ubiquitous Log4J vulnerability. The sophistication, frequency, and impact of such zero-day cyber vulnerability are increasing and will shift healthcare IT investments in 2022, making automated, dynamic risk management and incident response programs the next priorities.

Which cybersecurity investments are your HDO prioritizing in 2022?  Send me your thoughts, ideas, and comments.

Ed Gaudet
CEO and Founder, Censinet

Recent Posts

Censinet Announces New Webinar Series on HHS Cybersecurity Performance Goals to Facilitate Implementation, Compliance
Censinet Announces “Censinet Champions” Webinar Series to Showcase Success Stories, TPRM Transformation
Censinet Delivers New Product Support for NIST CSF 2.0 and HHS Cybersecurity Performance Goals
Censinet to Recognize Cybersecurity Transparent Healthcare Organizations at HIMSS 2024
Censinet, KLAS, and American Hospital Association, Publish the 2024 Healthcare Cybersecurity Benchmarking Study
Censinet Eliminates Security Questionnaires with Censinet Connect™ Copilot
Censinet Delivers Health Industry’s First Risk Register with Real-Time Enterprise and Ecosystem Orchestration
Censinet Announces Benchmarking Study Results, New Product Innovations, and Cybersecurity Awards at ViVE 2024 Conference

Categories

Slide 1

This is some text inside of a div block.
Text Link
Beckers Health IT logo

5 ways to reduce 3rd-party cybersecurity risks, per 18 experts

Healthcare information technology security leaders from across the country have shared insights with Becker's regarding the most important steps for hospitals and health systems to take in preventing increased cybersecurity risks when working with th

Read More >>
Fourth Party Risk

When Fourth Party Risk Becomes a First Party Nightmare

The MOVEit vulnerability is a critical security flaw in file transfer software that is widely used across multiple industries. This vulnerability was first disclosed in June 2023 and has since been exploited by threat actors to gain access to and con

Read More >>
Voice of the Assessor

Voice of the Assessor

Voice of the Risk Assessor

Read More >>
Censinet Risk Assessment Request Graphic

Censinet RiskOps™ Demo Request

Do you want to revolutionize the way your healthcare organization manages third-party and enterprise risk while also saving time, money, and increasing data security? It’s time for RiskOps.

Schedule Demo

Sign-up for the Censinet Newsletter!

Hear from the Censinet team on industry news, events, content, and 
engage with our thought leaders every month.

Censinet Logo
Third Party Risk
Enterprise Risk
Provider Solutions
Vendor Solutions
About
Terms of Use | Privacy Policy | Security Statement | Crafted on the Narrow Land