Healthcare Cybersecurity

Healthcare’s Reliance on Outdated IT Putting Patient Safety and Cybersecurity at Risk

Outdated systems are causing healthcare professionals to lose hours each week, impacting patient care, organizational performance, efficiency, and security, according to a new report from the technology services and solution provider Presidio.

The report is based on a survey of more than 1,000 frontline healthcare professionals in the United States, the United Kingdom, and Ireland. Almost all respondents (98%) said inefficient technologies are causing patient care and safety issues, including delays or errors in patient care, and 89% said those issues are a regular occurrence, with 24% reporting that these incidents occur at least once per shift. On average, the respondents experienced 11 such incidents a month.

Healthcare employees are using legacy software and outdated devices that do not support efficient working practices. Some of the main problems associated with outdated systems were latency issues with EHR systems, disconnected and fragmented platforms, and a lack of mobile access. Due to inefficiencies, almost one-quarter of respondents (23%) said they often resort to workarounds to get the job done, even for basic tasks. That creates significant compliance and security risks, as patient data may be handled outside of approved systems, such as unapproved apps. The use of shadow IT creates blind spots for compliance teams and IT departments. Further, the shadow IT tools may not be HIPAA compliant, lacking key security safeguards.

Some of the main problems reported by the respondents were systems that do not easily share data with other systems (23%), reliance on multiple workarounds to complete basic tasks (23%), technologies in use that act as a barrier to safe and timely care (23%), insufficient staff or budgets to modernize systems (23%), and dependence on outdated and legacy systems (23%).

Healthcare professionals in the United States are more likely than their European counterparts to have modern systems, with 36% of UK healthcare professionals saying they have modern systems, and just 2% in Ireland. In the United States, 63% of respondents said they used modern and effective systems, but that leaves 37% who do not.

When technology fails or data cannot be accessed, patient care suffers. 95% of respondents said patient care was negatively affected by system problems and data access issues, and those issues occur regularly, with 27% of U.S. respondents reporting that errors due to outdated technology occur daily, 26% said they occur a few times a week, and 22% said they occur around once per week. As Presidio explained, the use of outdated technology does not just affect efficiency; it directly drives patient safety incidents. Further, inefficient and outdated technology is a significant factor contributing to clinician burnout, as reported by 80% of respondents.

Investment in technology can also help to reduce burnout. More than half of respondents at organizations using real-time data at scale (51%) recognized outdated technology as a major driver of burnout, compared with 29% at organizations still running pilot programs and 17% at those still in the planning phase, which Presidio reads as evidence that investment in modern, AI-driven systems can significantly improve workforce health. “In a competitive labor market, where skilled healthcare professionals are in high demand, this becomes a strategic advantage,” suggests Presidio.

The survey revealed the biggest benefits for staff were improved operational efficiency (52%), better access to real-time patient data and analyses (48%), and more streamlined tasks to support overextended staff (41%). Top of the wish list for healthcare professionals were AI-assisted automation of data entry (52%), transcription and notetaking (41%), EHR system navigation (40%), prescription entries (39%), and insurance validation (36%), all of which were a drain on their time, limiting face-to-face time with patients.

It is clear from the report that there is a pressing need for AI systems to be used in healthcare to improve efficiency, but adoption has been slow. “Most organizations are still relatively immature in their technology practices, lacking full-scale deployment of new technologies that improve record keeping, access to data, and efficiency,” said Presidio in the report. “Healthcare professionals are ready for AI, and they’re telling IT leaders where it can have the biggest impact.”

The post Healthcare’s Reliance on Outdated IT Putting Patient Safety and Cybersecurity at Risk appeared first on The HIPAA Journal.

Fortinet Patches Actively Exploited FortiWeb Zero Day Flaw

Patches have been released to fix an OS command injection vulnerability affecting Fortinet’s FortiWeb web application firewalls. The FortiWeb zero-day is rated medium severity, with a CVSS score of 6.7 out of 10, because it requires authentication; however, it is being actively exploited in the wild.

The vulnerability, tracked as CVE-2025-58034, can only be exploited by an authenticated attacker, hence the relatively low CVSS score, but it can be exploited in a low-complexity attack and allows the attacker to execute unauthorized code or commands on the underlying system. It can be triggered via specially crafted HTTP requests or CLI commands. The flaw was identified by Jason McFadyen of Trend Micro’s Trend Research team and is due to improper neutralization of special elements used in an OS command.

The vulnerability affects multiple FortiWeb versions:

Vulnerable versions               Fixed versions
FortiWeb 8.0.0 through 8.0.1      FortiWeb 8.0.2 and above
FortiWeb 7.6.0 through 7.6.5      FortiWeb 7.6.6 and above
FortiWeb 7.4.0 through 7.4.10     FortiWeb 7.4.11 and above
FortiWeb 7.2.0 through 7.2.11     FortiWeb 7.2.12 and above
FortiWeb 7.0.0 through 7.0.11     FortiWeb 7.0.12 and above

This is the second vulnerability in FortiWeb to be identified and patched recently. Last week, Fortinet announced that a critical path traversal vulnerability in FortiWeb, tracked as CVE-2025-64446 (CVSS v3.1 9.4), received a silent patch on October 28, 2025. The vulnerability can be exploited by an unauthenticated attacker to execute administrative commands on the system via specially crafted HTTP or HTTPS requests.

That vulnerability affects versions 8.0.0 through 8.0.1 and versions 7.6.0 through 7.6.4, and was fixed in version 8.0.2 and above and version 7.6.5 and above. Defused reports that it has been actively exploited, although that has yet to be confirmed by Fortinet. It is unclear why no security advisory was released at the time the patch was shipped; organizations that applied the October 28 update without knowing what it fixed should treat the intervening period as a window in which their devices may have been exposed.


Cyberattack Volume Increases Fueled by 48% YOY Increase in Ransomware Attacks

Cyber threat actors had a busy October, with attack volume up 2% month-over-month and 5% year-over-year. In October, organizations experienced an average of 1,938 cyberattacks per week, according to the latest data from cybersecurity firm Check Point.

While attacks were up across most sectors, there was a 15% year-over-year fall in attacks on the health and medical sector, which averaged 2,094 attacks per week in October. The biggest increases were seen in the agriculture (+71%) and information technology (+48%) sectors. Education was the most targeted sector, with 4,470 attacks per week, up 5% from October 2024. Latin America experienced the highest number of attacks, up 16% from October 2024, but the biggest increase was seen in North America, with an average of 1,464 attacks per week, up 18% from October 2024.

Check Point reports that the rise in attacks was fueled by the growing sophistication of ransomware, with attacks dramatically increasing in October. Check Point tracked 801 reported attacks in October, which is a 48% increase compared to September. While Latin America experiences more attacks than any other region, North America was the main target of ransomware groups, accounting for 62% of incidents, ahead of Europe with 19% of attack volume. In October, 57% of reported victims were in the United States, and there was a 56.8% increase in attacks compared to September.

Qilin was the most active ransomware group, accounting for 22.7% of attacks in October. The group has evolved into a sophisticated ransomware-as-a-service organization, attracting new affiliates due to its extensive affiliate support. Akira took second spot with 8.7% of attacks, and the recently emerged Sinobi ransomware group took third spot with 7.8% of attacks.

While all three groups attack healthcare organizations, the healthcare sector appears to be a key focus of the Sinobi group. Sinobi is a ransomware-as-a-service group with a professional structure, highly skilled internal operators, and a team of carefully vetted affiliates. It primarily targets mid- to large-sized organizations, mostly in the United States and allied countries.

Sinobi claims on its dark web data leak site to have attacked East Jefferson General Hospital, Greater Mental Health of New York, Johnson Regional Medical Center, Judson Center, Middlesex Endodontics, Newmark Healthcare Services, Phoenix Village Dental, Queens Counseling for Change, South Atlanta Medical Clinic, and Watsonville Community Hospital since the group emerged in mid-2025.

Check Point also cautioned about the expanding risks associated with generative AI (GenAI) as enterprise use of GenAI tools continues to grow. One of the biggest threats is the exposure of sensitive data. Check Point reports that in October, 1 out of every 44 GenAI prompts submitted through business networks posed a high risk of sensitive data leakage, something that is especially concerning in healthcare due to the risk of exposure of protected health information.

Check Point reports that 87% of organizations that use GenAI tools regularly experience this type of sensitive data exposure, and many are unaware of the risk. Even where workers have access to authorized and managed GenAI tools, organizations use an average of 11 different GenAI tools each month, most of which are likely to be unsupervised.

“As ransomware groups evolve and GenAI risks proliferate, organizations must strengthen their threat prevention, data security, and AI governance strategies to stay ahead of adversaries,” suggests Check Point.


HSCC Publishes Preview of Health Sector AI Cybersecurity Risk Guidance

In Q1 2026, the Health Sector Coordinating Council (HSCC) plans to publish AI cybersecurity guidelines for the healthcare sector. Last week, the HSCC Cybersecurity Working Group (CWG) published previews of the guidance ahead of the full release next year.

Artificial intelligence has tremendous potential in healthcare; however, it introduces cybersecurity risks that must be managed and reduced to a reasonable level. To better prepare the health sector, the HSCC CWG established an AI Cybersecurity Task Force in October 2024, consisting of individuals from 115 healthcare organizations across the spectrum. The task force has considered the complexity and the associated risks of AI technology in clinical, administrative, and financial health sector applications, and divided the identified AI issues into five manageable workstreams, each covering a discrete functional risk area:

  • Education and enablement
  • Cyber operations & defense
  • Governance
  • Secure by design
  • Third-party AI risk and supply chain transparency

Significant progress has been made across all workstreams, and in January, guidance will be published covering each of these areas. The guidelines will include best practices for healthcare organizations to adopt, and while not legally binding, they will help the sector effectively manage and reduce AI cybersecurity risks.

Ahead of the release, HSCC CWG published one-page summaries for each of these workstreams detailing the objectives, key focus areas, and deliverables in each area. HSCC CWG has also published a foundational document that describes the most important AI terms that healthcare organizations need to be aware of.

The education and enablement workstream covers the common terms and language used throughout the guidance to familiarize users with the use of AI in their functional environments and help them better understand risk and apply control activities.

The cyber operations and defense workstream provides practical playbooks for preparing for, detecting, responding to, and recovering from AI cyber incidents. That includes identifying requirements for conducting optimized AI-specific cybersecurity operations, defining AI-driven threat intelligence processes with appropriate safeguards to support clinical workflows, establishing operational guardrails for AI technologies beyond LLMs, including predictive machine learning systems and embedded device AI, and establishing clear governance and accountability.

The governance workstream provides a comprehensive framework that can be used by healthcare organizations of all sizes to manage the cybersecurity risks in their own clinical environments and ensure that AI is used securely and responsibly. The objective of the secure by design workstream is to define and develop secure-by-design principles specifically for AI-enabled medical devices, including practical guidance and tools to empower manufacturers and stakeholders to ensure the cybersecurity of AI-enabled medical devices throughout the entire product lifecycle.

The third-party AI risk and supply chain transparency workstream aims to strengthen security, trust, and resilience by enhancing visibility into and transparency of third-party AI tools, establishing oversight and governance policies, and standardizing processes for procurement, vetting, and lifecycle management.

The guidance will help to improve awareness and understanding of critical risk areas and provides a roadmap for implementing new AI technologies while ensuring safety and responsible use.


Warning Issued About Akira Ransomware as Attacks on Critical Infrastructure Accelerate

A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense Cyber Crime Center (DC3), Department of Health and Human Services (HHS), and international law enforcement partners about the Akira ransomware group, which has accelerated its attacks on critical infrastructure in recent months.

According to the FBI, Akira has been paid more than $244 million in ransoms since the group was first identified in March 2023. While Akira primarily targets small- to medium-sized organizations, the group has also attacked larger organizations, favoring sectors such as manufacturing, education, information technology, healthcare, financial services, and food and agriculture.

The group’s tactics are constantly evolving. While the group initially targeted Windows systems, a Linux version of its encryptor has been developed that is used to target VMware Elastic Sky X Integrated (ESXi) virtual machines (VMs), and recently the group has been observed encrypting Nutanix AHV VM disk files.

Akira typically uses stolen credentials for initial access, often obtained in spear phishing campaigns or through brute force attempts to guess weak passwords. Akira may also purchase access to compromised networks from initial access brokers. The group typically targets virtual private network (VPN) services that do not have multifactor authentication enabled, although vulnerabilities are also exploited. Akira has been observed exploiting vulnerabilities in Cisco devices (CVE-2020-3259; CVE-2023-20269) and has recently been observed exploiting a vulnerability in SonicWall firewall devices (CVE-2024-40766). Once access has been gained, the group maintains persistence by using legitimate remote access tools such as LogMeIn and AnyDesk.

Like many other ransomware groups, Akira engages in double extortion tactics, stealing data and encrypting files, then demanding payment to prevent the publication of the stolen data on its leak site and to obtain the decryption keys.

“The threat of ransomware from groups like Akira is real and organizations need to take it seriously, with swift implementation of mitigation measures,” said Nick Andersen, Executive Assistant Director for the Cybersecurity Division (CSD) at CISA. The joint advisory about Akira ransomware was first issued in April 2024, but has now been updated with new tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs) from recent attacks, including new recommended mitigations. The most important mitigations are to ensure that vulnerabilities are patched promptly, especially the vulnerabilities detailed in the advisory; to implement and enforce phishing-resistant multifactor authentication; and to ensure that backups are made of all critical data, storing backups securely offline.


Urgent Patching Required to Fix Actively Exploited Cisco Flaws

Threat actors are actively exploiting multiple Cisco vulnerabilities for which patches were issued in September. Attacks are ongoing, including against devices that were recorded as patched but were updated to a software version that is still vulnerable.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week about two Cisco vulnerabilities, CVE-2025-20333 and CVE-2025-20362, affecting Cisco Adaptive Security Appliance (ASA) and Firepower devices running Cisco Secure ASA Software or Cisco Secure FTD Software. CVE-2025-20333 is a critical remote code execution flaw (CVSS v3.1 base score 9.9); CVE-2025-20362 is a missing-authorization flaw (CVSS v3.1 base score 6.5) that exposes restricted URL endpoints. Both are triggered by sending specially crafted HTTP requests to the VPN web server on a vulnerable device.

Cisco issued patches to fix the vulnerabilities in September this year, warning that attackers could exploit the flaws to execute commands at a high privilege level. CVE-2025-20362 lets an unauthenticated attacker reach URL endpoints that should require authentication, and CVE-2025-20333 lets an authenticated attacker execute arbitrary code; chained together, they give an unauthenticated attacker full control of the device. At the time the patches were issued, Cisco said the vulnerabilities had already been exploited as zero-days and attributed the activity to the same threat actor behind the 2024 ArcaneDoor campaign, which exploited two other ASA flaws.

Many organizations applied updates and believed they were protected, but in some cases the device was upgraded to a release below the minimum fixed version for its software train, leaving it vulnerable. “In CISA’s analysis of agency-reported data, CISA has identified devices marked as ‘patched’ in the reporting template, but which were updated to a version of the software that is still vulnerable to the threat activity outlined in the [Emergency Directive],” explained CISA in the alert. “CISA recommends all organizations verify the correct updates are applied.” CISA has published guidance on patching the two vulnerabilities and warned that immediate patching is required, including on devices that are not exposed to the Internet.
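CISA’s warning about devices marked “patched” but still running a vulnerable build, and the FortiWeb version tables earlier on this page, come down to the same check: compare the build actually running against the vendor’s first-fixed release for that software train, rather than trusting a tick in a tracking sheet. The script below is an added example written for this article, not tooling from Fortinet, Cisco or CISA. It encodes the FortiWeb ranges from the tables above for CVE-2025-58034 and CVE-2025-64446; the version strings it is fed are constructed samples, and it assumes an operator pastes in the version string reported by the appliance. For ASA/FTD the same function applies once the rows are replaced with the fixed releases from Cisco’s advisory, which this page does not reproduce.

```python
import re

# Affected / fixed ranges per release train, transcribed from the FortiWeb
# tables in this article: (lowest affected, highest affected, first fixed).
# Rows for other products would be substituted from the vendor advisory.
ADVISORIES = {
    "CVE-2025-58034": [
        ("8.0.0", "8.0.1", "8.0.2"),
        ("7.6.0", "7.6.5", "7.6.6"),
        ("7.4.0", "7.4.10", "7.4.11"),
        ("7.2.0", "7.2.11", "7.2.12"),
        ("7.0.0", "7.0.11", "7.0.12"),
    ],
    "CVE-2025-64446": [
        ("8.0.0", "8.0.1", "8.0.2"),
        ("7.6.0", "7.6.4", "7.6.5"),
    ],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract x.y.z from strings such as '7.6.3', 'v7.6.3' or a line like
    'Version: FortiWeb-VM 7.6.3,build1234' (constructed sample format, not a
    guaranteed vendor format).  Raise on garbage instead of guessing, so a
    bad input can never be reported as 'fixed'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(version_text, advisories=ADVISORIES):
    """Return {cve: status} for the running build.  Status is one of:
      'vulnerable, upgrade to X or later'  (inside an affected range)
      'fixed'        (same train, at or above the first fixed build)
      'not listed'   (train absent from the advisory, e.g. a 6.x build)
    Matching is done per train (major.minor), so 7.6.7 is compared with the
    7.6 row and is never mistaken for an 8.0.x build."""
    v = parse_version(version_text)
    report = {}
    for cve, rows in advisories.items():
        status = "not listed"
        for low, high, fixed in rows:
            lo, hi = parse_version(low), parse_version(high)
            if v[:2] != lo[:2]:
                continue
            status = (f"vulnerable, upgrade to {fixed} or later"
                      if lo <= v <= hi else "fixed")
            break
        report[cve] = status
    return report


def is_safe(version_text, advisories=ADVISORIES):
    """True only if no listed CVE still applies to this build.  A train that
    is 'not listed' is treated as unaffected by these advisories only, not
    as safe in general."""
    statuses = assess(version_text, advisories).values()
    return not any(s.startswith("vulnerable") for s in statuses)


if __name__ == "__main__":
    # Constructed sample inputs, not captured appliance output.
    for sample in ("7.6.3", "FortiWeb 7.6.5,build0123", "7.4.11", "v8.0.2"):
        print(f"{sample:28} -> {assess(sample)}")
```

A “fixed” result is necessary but not sufficient. For a flaw that was patched silently and exploited before disclosure, as reported for CVE-2025-64446, a device that sat on an affected build during the exposure window should also be checked for signs of compromise using the vendor’s published indicators, not simply upgraded and closed out.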


NHS Pathology Provider Synnovis Notifies Organizations Affected by June 2024 Ransomware Attack

The UK pathology lab Synnovis suffered a ransomware attack last year. It has taken 17 months to complete the highly complex data review and notify the affected healthcare provider clients.

Synnovis provides blood, urine, and specimen testing for many healthcare organizations in the United Kingdom. It is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust in London and SYNLAB, a provider of laboratory, diagnostic, and advisory services.

The ransomware attack occurred on June 3, 2024, when the Qilin ransomware group encrypted files on the Synnovis network, having first exfiltrated data. The attack caused massive disruption to business operations at Synnovis, interrupting many of its pathology services. Synnovis said that almost all of its IT systems were affected.

NHS trusts that relied on Synnovis for blood testing and other services were forced to cancel appointments, and the lack of blood testing led to a shortage of O-negative blood. The shortage continued for months, with stocks depleted across the country. Disruption to patient services was extensive, with more than 10,000 appointments cancelled in the wake of the attack.

Synnovis immediately launched an investigation and assembled a task force of experts from Synnovis, the affected NHS Trusts, NHS England, and third-party specialists to restore systems and data as quickly as possible. The UK’s National Crime Agency (NCA), the National Cyber Security Centre (NCSC), and the Information Commissioner’s Office (ICO) were notified, and Synnovis has been working closely with those agencies throughout the recovery process.

It took until late autumn 2024 to replace all of the affected IT infrastructure and restore systems and services to pre-attack operational levels. “By month four immediately after the cyberattack, we had rebuilt a new blood transfusion platform, by month five we had completed a substantial cloud migration of our core systems, and by November 2024 we had rebuilt over 75 applications and reconnected a vast pathology estate spanning seven locations from the ground up, including over 65 scientific analyzers and more than 120 individual connections”, explained Synnovis.

Determining which organizations and individuals had been affected and the data types involved has taken considerably longer. Synnovis explained that the ransomware group stole data in haste in a random manner from its working drives, and due to the exceptional scale and complexity of the data review, it has taken more than a year to complete. That process required bespoke systems and processes to be created to reconstruct the affected data.

Synnovis said the forensic analysis confirmed that no data was taken from its primary lab databases, and that the data exfiltrated in the attack was “not in a form that could easily be used by anyone with ill intent”. Despite an extensive forensic investigation, it was not possible to determine how the ransomware group gained access to its network. All IT infrastructure impacted by the attack was completely replaced.

Synnovis said it consulted with its affected NHS trust partners, and the decision was taken not to pay the ransom. Doing so would have gone against its ethical principles, and the ransom would undoubtedly have been used to fund further attacks on other critical infrastructure entities, potentially threatening national security. The amount demanded by the ransomware group was not disclosed.

Synnovis has recently completed the data analysis and restoration, and the affected organizations are now being notified. Notifications will be completed by November 21, 2025, after which the affected organizations will decide whether notifications need to be issued to the affected patients under UK data protection laws. Synnovis stressed that the company will not be contacting any of the affected patients directly. Under UK data protection laws, it is down to the data controller to conduct their own legal and risk assessments to determine whether notifications are required. Any individual receiving a communication about the data breach that purports to have come directly from Synnovis rather than one of the affected organizations should assume it is a scam.

The incident clearly demonstrates the massive impact ransomware attacks can have on critical infrastructure. In this case, this was a calculated attack designed to cause as much damage and disruption as possible for financial gain.

June 22, 2024: Ransomware Group Leaks Data from 300 Million Patient Interactions with NHS

The Russian ransomware and extortion group Qilin has added the data stolen in the attack on Synnovis to its dark web data leak site after the deadline for paying the $50 million ransom demand expired.

Synnovis, a provider of pathology services to the UK’s National Health Service (NHS), was attacked by the Qilin ransomware group on June 3, 2024, resulting in disruption to many of its services. Multiple NHS trusts in London continue to be affected by the attack, with the recovery expected to take several weeks. Synnovis does not anticipate fully recovering from the attack for several months.

Two of the worst-affected NHS trusts were King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust, two of the busiest NHS trusts in the country. The attack affected 7 hospitals operated by those trusts, forcing them to cancel 1,134 planned operations and 2,194 outpatient appointments in the first 13 days following the attack. Blood tests in the capital are operating at around 10% of normal levels.

As is typical in ransomware attacks, Qilin exfiltrated data before encrypting files. In the early hours of Friday morning, Qilin uploaded 400 GB of confidential data to its dark web data leak site, where it can be freely downloaded by cybercriminals. The uploaded data includes information from more than 300 million patient interactions with the NHS. The data upload is currently being verified but it appears to be genuine.

The data contains personally identifying information and blood test results, including highly sensitive test results for HIV, sexually transmitted infections, and cancer. It is likely to take several weeks before the exact types of data and the number of affected individuals are known due to the scale of the data theft. The data breach does not appear to be limited to NHS patients. Synnovis also provides pathology services to private healthcare providers, and some of the stolen data is understood to include private healthcare records.

The affected patients may now be subjected to extortion attempts due to the sensitivity of some of the stolen data. For instance, cybercriminals could threaten patients who tested positive for HIV by making that information public if they do not pay to have their data deleted.

The UK’s National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) are currently considering taking retaliatory action against the hacking group. Since this was an attack that affected the NHS and included the theft of NHS data, the attack is effectively an attack on the state. One of the main priorities is to try to take down as much of the uploaded data as possible.

The NCA recently headed an international law enforcement operation against the LockBit ransomware group that resulted in the seizure of its command and control infrastructure in February 2024. While the operation was a success, it was short-lived. The LockBit infrastructure was rapidly rebuilt, and the group was able to continue its operations. According to a recent report from NCC Group, LockBit was the most active ransomware group in May 2024.

June 18, 2024: More Than 1,500 Appointments Cancelled Following Ransomware Attack on NHS Pathology Vendor

At least 1,500 operations and outpatient appointments had to be canceled at two NHS trusts – King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust – following the ransomware attack on Synnovis. The affected NHS hospitals remain open and are continuing to provide care as normal; however, appointments have been postponed that rely heavily on pathology services, and blood testing is being prioritized for the most serious cases. For instance, many individuals have had phlebotomy appointments canceled. The canceled appointments included more than 100 cancer treatments and 18 organ transplants.

That number is likely to grow considerably as other NHS trusts were also affected by the attack, and the 1,500 canceled appointments were only for the period from 3-9 June. Synnovis is expecting to be able to restore some of its IT functionality in the coming weeks but anticipates that disruption will likely continue to be experienced for several months.

The attack is continuing to disrupt blood-matching tests, which has forced the affected hospitals to use O Negative and O Positive blood for patients who can’t wait for alternative matching methods. That has led to a shortage of O-type blood, with the NHS responding to the shortage by calling for the public to urgently arrange blood donation appointments across the country, with the high demand likely to continue for several weeks.

The Qilin ransomware group behind the attack told Bloomberg that they demanded a $50 million ransom payment and required payment to be made within 120 hours. They also claimed to have gained access to the Synnovis network by exploiting a zero-day vulnerability, although they did not state what vulnerability they exploited. The Qilin group has yet to add Synnovis to its data leak site, which could indicate Synnovis is negotiating with the group.

June 5, 2024: Care Disrupted at London Hospitals Due to Ransomware Attack on Pathology Vendor

A ransomware attack on a UK-based provider of medical laboratory services is disrupting patient services at multiple NHS hospitals in London, including Guy’s Hospital, St Thomas’ Hospital, King’s College Hospital, Royal Brompton Hospital, Evelina London Children’s Hospital, and other care sites in six London boroughs – Bexley, Greenwich, Lewisham, Bromley, Southwark, and Lambeth. The attack has had a much wider impact than initially thought: South London and Maudsley NHS Foundation Trust (SLaM), the largest provider of mental health services in the country, is also affected, as are GP surgeries throughout South London.

Synnovis, a provider of diagnostic and pathology services, published an alert on its customer service portal on Monday, warning that all of its systems are currently unavailable. An investigation has been launched, and its IT team is trying to determine the cause of the outage. The attack has now been linked to a Russian cybercriminal group called Qilin, which is known for using ransomware to encrypt files on victims’ networks and demanding ransom payments to decrypt files and prevent the release of stolen data. The attack appears to be confined to Synnovis. Hospitals connected to the IT systems of Synnovis do not appear to have had their own systems infiltrated.

On Monday, Synnovis notified the affected NHS Trusts that it had experienced a malware attack, and later confirmed in email messages that it was a ransomware attack. A critical incident emergency status has been declared in the region. Synnovis is working with the National Cyber Security Centre and the Cyber Operations Team to investigate and recover from the attack, but cannot yet say how long its systems will be offline.

The affected hospitals have tried and tested business continuity plans for critical incidents such as ransomware attacks, and they are continuing to provide care for patients, although the attack is having a significant impact on the delivery of services at the affected hospitals. Emergency services are still available, but the hospitals have lost pathology services, cannot perform quick-turnaround blood tests, and blood transfusions are particularly affected, so much so that a nationwide appeal has been launched by the NHS for O blood-type donors.

As a result, all non-emergency pathology appointments have been canceled or redirected to other hospitals, and hospital staff have been instructed only to request emergency blood samples. Synnovis can still conduct blood tests, but the results are being printed out when obtained from its laboratories, and they are being hand-delivered, as the lack of access to computer systems is preventing electronic transmission.

One of the problems with an attack such as this is that until it can be determined exactly what the hackers have done while inside the compromised systems, data cannot be trusted. The hackers could have manipulated test results on which decisions about patient care are made. As a result, test results need to be re-run and results re-recorded due to the risk of data manipulation.
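The point above is that, after an intrusion, a result record is only trustworthy if its integrity can be demonstrated rather than assumed. The following is an added illustration (not code from Synnovis, the NHS, or The HIPAA Journal) of one control that makes that distinction mechanical: each result record carries an HMAC-SHA256 tag computed with a key that the laboratory system itself cannot read, and a post-incident triage pass separates records whose tag still verifies from those that must be re-run. The key value, record layout, and sample batch are all constructed for the example.

```python
import hmac
import hashlib
import json

# Constructed example key. In a real deployment this would live in an HSM or a
# secrets manager that the laboratory information system can call but not read,
# so an attacker who can edit records cannot also re-sign them.
SIGNING_KEY = b"example-lab-signing-key-not-for-production"


def canonical(record: dict) -> bytes:
    """Serialise a record deterministically so the tag is reproducible."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record: dict, key: bytes = SIGNING_KEY) -> dict:
    """Return a copy of the record carrying an HMAC-SHA256 integrity tag."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {**record, "tag": tag}


def verify_record(signed: dict, key: bytes = SIGNING_KEY) -> bool:
    """Recompute the tag over the record body and compare in constant time."""
    tag = signed.get("tag")
    if not isinstance(tag, str):
        return False  # missing or malformed tag: treat as untrusted
    body = {k: v for k, v in signed.items() if k != "tag"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def triage_results(records, key: bytes = SIGNING_KEY):
    """Split a batch into specimen IDs that can be trusted and those to re-run."""
    trusted, rerun = [], []
    for rec in records:
        (trusted if verify_record(rec, key) else rerun).append(rec["specimen_id"])
    return trusted, rerun


# Constructed sample batch, signed at the time the results were produced.
_original = [
    {"specimen_id": "S-1001", "test": "K+", "value": 4.1, "unit": "mmol/L"},
    {"specimen_id": "S-1002", "test": "Hb", "value": 13.2, "unit": "g/dL"},
    {"specimen_id": "S-1003", "test": "INR", "value": 1.1, "unit": ""},
]
SIGNED_BATCH = [sign_record(r) for r in _original]

# What an investigator might find afterwards (constructed): one record whose
# value was edited without re-signing, and one record whose tag was stripped.
_tampered = dict(SIGNED_BATCH[1], value=7.9)
_stripped = {k: v for k, v in SIGNED_BATCH[2].items() if k != "tag"}
POST_INCIDENT_BATCH = [SIGNED_BATCH[0], _tampered, _stripped]

if __name__ == "__main__":
    ok, bad = triage_results(POST_INCIDENT_BATCH)
    print("trusted:", ok)   # ['S-1001']
    print("re-run:", bad)   # ['S-1002', 'S-1003']
```

Two caveats apply. The control only detects modification of records that were signed in the first place; it says nothing about records that were deleted outright, so the triage pass should be run against an independent list of specimens received, not just the records that remain. And the guarantee is only as strong as the key's isolation: if the signing key sat on the same compromised hosts, an attacker could re-sign edited records and the tags prove nothing.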

According to data from the Information Commissioner’s Office (ICO), there have been 215 ransomware attacks on hospitals in the United Kingdom since 2019. Last year, ransomware attacks reached record levels, with at least 1,231 attacks conducted across all industry sectors in the UK. Government officials are concerned that many attacks are not being reported.

This is also not the first ransomware attack to affect Synnovis in 2024. The BlackBasta ransomware group attacked Synnovis in April this year and published all the data stolen in the attack on its leak site when the ransom was not paid. Cybercriminal groups are known to work together and provide access to compromised networks to other groups. It is unclear if the BlackBasta attack is linked to the Qilin attack.

The post NHS Pathology Provider Synnovis Notifies Organizations Affected by June 2024 Ransomware Attack appeared first on The HIPAA Journal.

Healthcare Sees 224% Annual Increase in Attacks Targeting Mobile Devices

There has been a significant increase in cyberattacks targeting Android mobile devices in critical infrastructure sectors in the past year, according to a new report from the cybersecurity firm Zscaler. The biggest increase was in the energy sector, which saw a 387% increase in mobile attacks, followed by healthcare (224%) and manufacturing (111%).

The Zscaler ThreatLabz team analyzed data collected from customers’ mobile and Internet of Things (IoT) devices between June 2024 and May 2025, the findings of which were published in Zscaler’s 2025 Mobile, IoT & OT Threat Report. “Mobile, IoT, and OT systems have become the backbone of business operations today, enabling innovation and powering critical infrastructure across industries,” explained Zscaler in the report. “Mobile devices now dominate global connectivity, while IoT and OT systems keep manufacturing, healthcare, transportation, and smart cities running.”

Attackers are taking advantage of the proliferation of mobile devices and the expanding web of connectivity. The increase in hybrid and remote working, along with bring-your-own-device policies, has been a contributory factor in the growth of attacks targeting mobile devices for initial access. In the year to May 2025, Android malware transactions increased by 67%, with 239 malicious Android applications downloaded 42 million times from the Google Play Store. Google has controls to prevent malicious applications from being uploaded to its Play Store, but the figures show that attackers are circumventing those controls and can easily infect mobile devices.

IoT devices have proliferated in sectors such as manufacturing and healthcare and have become foundational to operations, but these devices have drastically increased the attack surface and are an easy target for intrusions. IoT devices often have security weaknesses and contain vulnerabilities that can be targeted to breach corporate networks and disrupt operations, most commonly using malware families such as Mirai, Mozi, and Gafgyt for botnet expansion and malicious payload delivery.

The interconnectedness of critical infrastructure sectors such as energy and healthcare, combined with the critical role these sectors play in daily life and national security, makes them attractive targets for sophisticated cyber campaigns. In these sectors, there is low tolerance of downtime, and in healthcare, attackers can access valuable and highly sensitive healthcare data. Attackers are targeting these sectors with sophisticated attacks designed to maximize impact and financial gain.

Zscaler predicts that the coming year will see a continued increase in AI-driven exploits, including hyper-targeted phishing campaigns. AI-driven threats can be difficult to identify, and call for AI-driven defenses. IoT and OT ransomware attacks are likely to continue to increase, especially in industries such as manufacturing, energy, and healthcare.

Zscaler warns that attackers are likely to increasingly target mobile applications as supply chain attack vectors, especially third-party mobile app development pipelines, to inject malicious code into widely trusted apps, which will require continuous analysis of app permissions and behavior. Industries such as healthcare that have seen a massive increase in attacks will need to ensure that they have a robust mobile device security strategy.
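One concrete form of the "continuous analysis of app permissions" the report calls for is to diff the permissions declared in each new release of an app against the previously approved build, so that a build which suddenly asks for SMS or microphone access is flagged before it is pushed to clinical devices. The following is an added example (not code from Zscaler or The HIPAA Journal) that parses two constructed AndroidManifest.xml fragments and reports added, removed, and high-risk-added permissions. The permission names are real Android permission constants; the choice of which ones count as high-risk for a clinical app is this example's assumption.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by every Android manifest for android:name etc.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Assumed high-risk set for a clinical app (example policy, not a standard).
HIGH_RISK = {
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}


def manifest_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(NAME_ATTR)
        for el in root.iter("uses-permission")
        if el.get(NAME_ATTR)
    }


def compare_release(baseline_xml: str, candidate_xml: str) -> dict:
    """Diff a candidate build's permissions against the approved baseline."""
    before = manifest_permissions(baseline_xml)
    after = manifest_permissions(candidate_xml)
    added = after - before
    return {
        "added": sorted(added),
        "removed": sorted(before - after),
        "high_risk_added": sorted(added & HIGH_RISK),
    }


def release_needs_review(baseline_xml: str, candidate_xml: str) -> bool:
    """True when the candidate build adds any high-risk permission."""
    return bool(compare_release(baseline_xml, candidate_xml)["high_risk_added"])


# Constructed manifests: the approved build and a candidate build from the
# third-party pipeline that has grown two permissions the app never needed.
BASELINE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.clinicapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

CANDIDATE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.clinicapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""

if __name__ == "__main__":
    report = compare_release(BASELINE_MANIFEST, CANDIDATE_MANIFEST)
    print(report)
    print("needs review:", release_needs_review(BASELINE_MANIFEST, CANDIDATE_MANIFEST))
```

Wired into a CI step or an MDM intake check, a non-empty `high_risk_added` list blocks the release until a human has confirmed the new permission is justified. Permission diffs are only the static half of the report's recommendation; runtime behaviour (network destinations, accessibility-service use) still has to be observed on the device or through a proxy.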

One of the most important defenses against increasingly sophisticated threats is the implementation of zero-trust architectures, and Zscaler says it is especially important to implement zero-trust frameworks for internet-facing devices such as routers and other edge devices.

The post Healthcare Sees 224% Annual Increase in Attacks Targeting Mobile Devices appeared first on The HIPAA Journal.

Cybersecurity Should Be Viewed as a Strategic Enabler of the Business

The US Healthcare Cyber Resilience Survey from EY and KLAS Research has revealed that more than 7 out of 10 healthcare organizations have experienced significant business disruption due to cyberattacks in the past two years.

The survey was conducted on 100 healthcare executives responsible for cybersecurity decisions within their organization. Organizations experienced an average of five different cyber threats in the past year, the most common of which was phishing, experienced by 77% of organizations. The next most commonly encountered threats were third-party breaches (74%), malware (62%), data breaches (47%), and ransomware (45%). Only 3% of respondents reported not experiencing any cyber threats in the past year.

These cyber incidents are having a considerable impact on patient care and business operations. 72% of respondents reported that their organization experienced a moderate to severe financial impact due to cyberattacks in the past two years, 60% reported a moderate to severe operational impact, and 59% reported a moderate to severe clinical impact.

In healthcare, cybersecurity is often viewed as a set of defensive measures to protect against cyber threats and ensure compliance, but cybersecurity should be elevated to an organizational priority. Cyberattacks have a significant impact on patient care and business operations, damaging the organization’s reputation and affecting its bottom line. Healthcare organizations that make cybersecurity an organizational priority find that it creates value and helps them deliver better outcomes.

Cybersecurity investment should be aligned with outcomes such as reduced downtime, improved patient safety, and financial stability, and the survey suggests that CISOs are getting better at communicating this to the C-suite. When the cost of cybersecurity investment is compared to the cost of an outage on patient care and revenue, funds are often provided. The survey suggests that the main challenge is not getting the company to invest in cybersecurity, but to sustain the financial commitment over time, especially when budgets tighten or priorities shift. It can be especially hard to maintain that commitment when, after investing in cybersecurity, the organization continues to experience moderate to severe cyber events.

“Cyber needs to be a shared responsibility across the organization and the health ecosystem,” explained EY and KLAS in the report. “In a time of tight budgets, cutting cyber investments can leave health organizations more vulnerable and ultimately lead to higher costs. Health executives must pivot from viewing cyber as a cost center to a strategic enabler of the business.”

The problem faced by many organizations is competing organizational priorities and tight budgets, which were cited as a problem by two-thirds of respondents. Other challenges affecting healthcare organizations include a rapidly changing threat landscape, AI-driven threats, third-party risk management, and the difficulty of recruiting and retaining cybersecurity talent.

One of the main takeaways from the report is the importance of viewing cybersecurity as more than a set of technical and administrative safeguards to achieve compliance. Cybersecurity needs to be viewed as a value creator that is as critical to success as other business needs, be that improved patient outcomes, geographical expansion, or smart care models. “When cyber is integrated into care delivery and operational and business strategy, it becomes more than compliance. It serves as a catalyst for trust, transformation, long-term resilience, and care delivery that is future-proof,” suggest EY and KLAS.

The post Cybersecurity Should Be Viewed as a Strategic Enabler of the Business appeared first on The HIPAA Journal.