U.S. healthcare cyberattacks surge despite increased security budgets: ClearDATA report
TEXAS, UNITED STATES — The healthcare sector is facing an alarming increase in cyberattacks, as highlighted in ClearDATA’s 2024 State of Healthcare Cloud Security and Compliance Posture Report.
This report, developed in collaboration with Healthcare Innovation, surveyed nearly 200 U.S. healthcare IT leaders to assess current trends and challenges in cloud security.
The findings underscore the urgent need for improved security measures to protect sensitive patient data and maintain compliance.
Overconfidence amidst rising incidents
Despite high confidence levels in existing cloud security and compliance programs, the report revealed that many healthcare organizations are struggling with cloud misconfigurations and frequent security incidents.
This gap between perceived security and actual vulnerabilities points to a significant issue within the sector’s cybersecurity practices.
“This research highlights the critical need for a transformative shift in how we approach healthcare cybersecurity,” stated Chris Bowen, Founder & Chief Information Security Officer of ClearDATA.
Increased budgets but persistent vulnerabilities
The survey indicates that 92% of healthcare organizations have increased their cybersecurity budgets year over year, reflecting growing concerns about cyber resiliency.
However, these financial investments have not translated into fewer security breaches, with organizations experiencing an average of 3-5 incidents annually. Misconfigurations remain a critical vulnerability, with nearly 80% of respondents reporting at least one incident in the past year.
Yet, only a small fraction — 4% — expressed significant concern over these misconfigurations leading to unauthorized access.
Need for proactive security strategies
To address these challenges, many organizations are investing in new cloud security tools and software, with 54% implementing solutions to mitigate cloud risks.
Additionally, there is a notable increase in internal training efforts, with 68% of organizations focusing on upskilling their staff.
Despite these efforts, the report suggests that internal training alone may not suffice to combat the complex nature of healthcare cybersecurity threats.
Calls for transformative action
Industry leaders emphasize the need for a comprehensive approach that goes beyond reactive measures.
“As cyber threats in healthcare grow increasingly frequent and complex, relying on outdated strategies is no longer an option,” Bowen warned. The report advocates leveraging specialized cloud security expertise tailored to healthcare needs to strengthen defenses effectively.
Mark Hagland, Editor-in-Chief of Healthcare Innovation, echoed these sentiments, adding that the “threats and actual attacks are intensifying, and all those involved in cybersecurity efforts in patient care organizations need to meet this moment in order to survive and thrive.”
