KnowBe4 Uncovers Healthcare’s Cybersecurity Woes

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform released its International Healthcare Report. The report takes a closer look at the cybersecurity crisis currently experienced by the healthcare sector, in particular hospital groups, across the world.

The Asia-Pacific region is experiencing a surge in ransomware attacks on its healthcare institutions. In Australia, the healthcare sector continues to be hit hardest by cyber incidents with a staggering 22% of all data breaches from July to December 2023 reported within this sector. In contrast, the financial services sector reported only 10% of the total data breaches. The severity of the threat in the region is further highlighted by a local Singapore healthcare IT provider, which revealed that it intercepts and blocks 3,000 malicious emails daily, and experiences 1.7 million attempts to breach its internet-facing firewalls every month.

Hospitals have become increasingly attractive targets for ransomware attacks due to their comprehensive patient databases, sensitive information, and their interconnectedness between systems and equipment. Moreover, poor security measures have made hospitals vulnerable to cyber threats. When attacked, cybercriminals can potentially take control of entire hospital systems, and gain access not only to patients’ health information but also their financial and insurance data.

Hospitals are severely impacted by cyberattacks, which can lead to a reduction in patient care, loss of access to electronic systems, and a reliance on incomplete paper records. This can also result in the cancellation of surgeries, tests, appointments, and, in some cases, even loss of life.

Some shocking facts discussed in the report include:

• The healthcare sector has seen a dramatic surge in cyberattack costs over the past three years, with the average cost of a breach reaching nearly $11 million, more than three times the global average. This makes healthcare the costliest sector for cyberattacks.
• Ransomware attacks have been the most prevalent type of cyberattack on healthcare organisations, accounting for over 70% of successful attacks in the past two years.
• The majority of cyberattacks (between 79% and 91%), across sectors, begin with phishing or social engineering tactics, which allow cybercriminals to gain access to accounts or servers.
• According to KnowBe4’s 2024 Phishing by Industry Benchmarking Report, healthcare and pharmaceutical organisations are among the most vulnerable to phishing attacks, with employees in large organisations in the sector having a 51.4% likelihood of falling victim to a phishing email. This means that cybercriminals have a better than 50/50 chance of successfully phishing an employee in the sector.

“The healthcare sector in Asia Pacific remains a prime target for cybercriminals, who exploit the industry’s reliance on technology and the vulnerability of patient data. Emerging health technologies and the use of AI offer great potential to improve healthcare in APAC but the rapid adoption of technology brings cyber risks and challenges,” says Stu Sjouwerman, CEO of KnowBe4. With patient data and critical systems held hostage, many hospitals feel like they are left with no choice but to pay exorbitant ransoms. This vicious cycle can be broken by prioritising comprehensive security awareness training to empower employees and cultivate a positive security culture as a strong defence against phishing and social engineering attacks.”

The report examines the state of cybersecurity in the healthcare sector in North America, Europe, the United Kingdom, Asia-Pacific, Africa, and Latin America. In addition, it also highlights some of the most prolific global ransomware attacks that occurred between December 2023 and May 2024, the aftermath thereof and what healthcare organisations can do to protect themselves from cyberattacks.

To download a copy of KnowBe4’s International Healthcare Report, click here.