Claroty, the cyber-physical systems protection company, has announced the release of the Global Healthcare Cybersecurity Study 2023, a survey of 1,100 cybersecurity, engineering, IT, and networking professionals from healthcare organisations, including 250 from the APAC region. The study explores their experience with cybersecurity incidents over the past year, the state of their security programs, and future priorities.

The survey's findings show that APAC healthcare organisations face many cybersecurity challenges that require them to increasingly prioritise cybersecurity and compliance. 

According to the study, 69% of respondents experienced at least one cybersecurity incident over the last year. 45% cited at least one incident that affected cyber-physical systems, such as medical devices and building management systems. 26% mentioned that sensitive data like protected health information (PHI) was affected. 53% reported that incidents caused a moderate or substantial impact on care delivery, and another 15% reported a severe impact that compromised patient health and/or safety.

Surprisingly, of the APAC respondents who were victims of ransomware attacks, more than a quarter (26%) made ransom payments. Another noteworthy financial implication is that more than a third (37%) experiencing incidents in the past year incurred costs from the attack of more than AU$1 million.

“The healthcare industry has a lot of working against it on the cybersecurity front, a rapidly expanding attack surface, outdated legacy technology, budget constraints and a global cyber talent shortage,” says Leon Poggioli, ANZ Regional Director of Claroty. “Our research shows that healthcare organisations need the full support of the cyber industry and regulatory bodies in order to defend medical devices from mounting threats and protect patient safety.”

Additional findings show that increased standards and regulations fuel more robust cybersecurity, but more work must be done.

36% of APAC organisations say current government policies and regulations require improvement or do nothing to prevent threats. Most respondents selected CISA Cross-sector performance goals (38%) and NIST Cybersecurity Framework (37%) as important to their organisations. 42% of APAC organisations cite regulatory developments such as mandated incident reporting as the most influential external factor to an organisation's overall security strategy.

The study also found that the cyber skills' shortage remains a top challenge.

60% of APAC healthcare organisations are looking to hire in cybersecurity roles. 63% of those hiring say it's challenging to find qualified candidates with the skills and experience required to properly manage a healthcare network's cybersecurity. 

“Claroty contracted with Pollfish to conduct a survey of healthcare providers, healthcare delivery organisations (HDOs), hospitals, and clinics in North America (500), South America (100), APAC (250), and Europe (250). Only individuals who work full time in cybersecurity, clinical engineering, biomedical engineering, information systems, risk, or networking completed the survey, for a total of 1,100 respondents. Respondents work for organisations with a minimum of 25 beds to over 500 beds, with the largest group (45%) working for organisations with 100 to 500 beds. The survey focuses on the period of June 2022 – June 2023 and was completed in July 2023," informed a company spokesperson.