4 Cybersecurity Trends CEOs Followed in 2024

By Jay Asser

Shoring up cybersecurity became a necessity for healthcare organizations this year as several attacks highlighted vulnerabilities.

While other pain points such as the workforce continue to keep CEOs up at night, cybersecurity has come to the fore and forced leaders to rethink the amount of resources they’re putting into keeping their own and their patients’ data safe.

Here are four cybersecurity trends HealthLeaders highlighted this year that grabbed the attention of CEOs.

Change Healthcare attack fuels ‘year of chaos’

The tone of the year was set in many ways by the Change Healthcare cyberattack that occurred in February.

It was called “the most significant cyberattack on the U.S. healthcare system in American history” and had far-reaching consequences. A survey of nearly 1,000 hospitals by the AHA at the time found that 94% of hospitals reported financial impact, with more than half reporting “significant or serious” impact.

“Cybersecurity issues are just added icing on the cake,” said Aspirus Health CEO Matt Heywood, who dubbed 2024 “the year of chaos.”

After Change Healthcare, more chaos ensued as other major organizations were hit by cyberattacks in the following months, including Kaiser Permanente and Ascension.

Lack of response plans

In the wake of suffering a cyberattack, it’s vital that organizations have a response plan in place to mitigate the damaging effects.

However, only 63% of companies have such a plan, according to a survey by Software Advice, which fielded answers from 296 respondents with IT management, data security, data management, security training or audit responsibilities at healthcare organizations.

While preventative measures are needed, a response plan “that includes defined roles and responsibilities, communication protocols, and a prioritization list” can reduce downtime and further loss of data in the aftermath, the report stated.

Investment ramping up

The good news is that many organizations have recently recognized the importance of increasing their cybersecurity investments.

A survey of 150 providers and payers by Bain & Company and KLAS revealed that 75% of respondents reported upping their IT investments over the past year, with an emphasis on addressing cybersecurity.

In response to the Change Healthcare attack, 56% of payers and 38% of providers increased cybersecurity software spending, with only 11% of providers and 8% of payers choosing not to act.

More than a third of providers (38%) chose investment in IT infrastructure and services, including cybersecurity, as a top-three priority most often.

Those figures could potentially rise in 2025 as more cyberattacks continue to heighten CEO awareness.

Longer recovery times

Not only are ransomware attacks in healthcare increasing, but their recovery times are also getting longer.

Meanwhile, fully recovering in a week or less was only possible for 22% of organizations this year, compared to 47% in 2023 and 54% in 2022. More than a month to recover was necessary for 37% of respondents, a jump from 28% in 2023.

Due to longer recovery times, companies are losing more money from cyberattacks. Organizations reported a mean cost of $2.57 million to recover from a ransomware incident, more than doubling the cost of $1.27 million from 2021.

“It’s incumbent on all CEOs in healthcare and other industries to be vigilant on this front, to make sure that there are tons of people in place managing that vigilance on a day-to-day basis, and that function is appropriately resourced,” Cedars-Sinai CEO Peter Slavin said. “All organizations just need to do their best to try to prevent such a catastrophe from happening.”

Jay Asser is the CEO editor for HealthLeaders.