
      Amid new and evolving cyber threats, the stakes have never been higher for healthcare organizations. The sector has seen attacks intended to compromise patient data as well as weaken the healthcare system. Beyond sensitive information, cyber attackers are increasingly targeting the capabilities of the healthcare system linked to the delivery of care and the patient experience. In instances of ransomware attacks, healthcare organizations cannot afford to lose time due to locked systems when lives are at stake.

      The fact that the healthcare sector has historically been less prepared for cyber risks than other industries adds to the complexity. Many organizations have viewed technology as a back-office function, relying on legacy mainframe systems and outdated technology stacks.

      However, with changing expectations around the patient experience, healthcare organizations are adopting newer technologies such as Internet of Things (IoT) devices and artificial intelligence (AI), although often without a complete understanding of the risks.

      Healthcare companies continue to encounter a wide range of cyber threats, such as ransomware and distributed-denial-of-service attacks. Opportunities for threat actors to execute these types of attacks often arise from various cybersecurity challenges faced by healthcare organizations, such as a lack of multifactor authentication, reliance on outdated systems, and insufficient security awareness and training, among many others.

      Organizations will also be subject to increasing regulatory mandates around data security, privacy, and interoperability. Health systems and insurers will have to work together to deliver on these imperatives. As leaders manage their transformation journeys, these will be critical areas. With a focus on resilience, regulatory compliance, and a roadmap for AI integration, cybersecurity leaders can play a pivotal role in driving growth.

      This report explores cybersecurity considerations for the healthcare sector. It shares a perspective on the industry’s unique challenges and the way ahead for business leaders.

       

      Healthcare organizations are seeing the urgency of robust cyber resilience, a capability that demands rapid, measured responses and proactive planning. Resilience in the healthcare sector is not just about maintaining operational capabilities but also preserving the confidence and trust of patients and stakeholders. Organizations need a repeatable approach to tackling cyber threats’ dynamic nature, considering the sector's unique vulnerabilities and regulatory compliance requirements.

      Embedding resilience with manual processes or backup technology systems requires resources that large public organizations can afford but smaller providers may struggle with, even though the data held by smaller organizations is just as valuable and vulnerable. The entire sector needs a roadmap to elevate its overall security posture.

      Healthcare leaders are looking at AI to transform operational efficiencies, patient care and the broader ecosystem. With generative AI, alongside robotics and machine learning, making significant inroads, the sector is tasked with navigating the complex interplay of security, privacy, and ethical considerations inherent in these technologies.

      The journey toward integrating AI into healthcare is fraught with challenges and peppered with unparalleled opportunities for innovation and enhanced service delivery. The overarching goal remains clear: leverage AI in a manner that upholds the highest standards of care, security and ethical responsibility.

      While healthcare organizations remain keen on using AI to streamline operations and enhance efficiency, there are unique challenges in using the technology in a manner that is compliant with healthcare data regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). Custom AI systems that facilitate improved efficiency and effectiveness while adhering to regulatory mandates and each organization's unique context can be the way forward.

      For healthcare leaders, the need to modernize supply chain security has never been more acute as traditional third-party and supply chain security models grapple with today’s complex, interdependent ecosystems. The notion that third parties operate merely on a transactional basis is a relic of the past. Today, APIs, advanced processes, and software-as-a-service dependencies demand a more strategic approach to supplier partnerships.

      There is a greater need for continuous monitoring and managing the evolving risk profiles of suppliers. In doing so, the challenges of visibility, scalability and the evolving risk profile of third-party partners loom large. Amid these challenges, there is also an opportunity to reimagine supply chain security as a key business enabler with a comprehensive risk-based mindset and strategic application of intelligent automation.

      While modernizing supply chain security remains critical, the days of lengthy and manual risk assessments are fading into the past as they are neither financially nor operationally scalable. New technologies and tools are continually improving the ability to diagnose cyber risk and triage vendor focus areas, reducing the manual effort required and allowing for more bandwidth on resiliency efforts.

      • Develop comprehensive incident response plans that outline procedures to identify, contain, eradicate and recover from various cyberattacks.
      • Establish governance frameworks and ethical guidelines for the use and development of AI in healthcare operations, ensuring robust data privacy and security measures.
      • Assess the security posture of third parties and implement a continuous monitoring plan to promptly detect and address potential supply chain vulnerabilities.

      In addition to assessing your cybersecurity program and ensuring it aligns with your business priorities, KPMG professionals can help healthcare organizations develop advanced digital solutions, advise on the implementation and monitoring of ongoing risks and help design the appropriate response to cyber incidents.

      KPMG professionals are adept at applying cutting-edge thinking to healthcare companies’ most pressing cybersecurity needs and developing custom strategies that are fit for purpose. With technology that is secure and trusted, KPMG professionals offer a broad array of solutions including cyber cloud assessments, privacy automation, third-party security optimization, AI security, and managed detection and response.
