A growing number of healthcare leaders are sounding the alarm that cyberattacks aren’t just a tech issue anymore. They’re directly impacting patient care.
According to a new report from Omega Systems, 20% of executives say a cyberattack has already disrupted care at their organisation. Further, more than half believe a fatal incident, one that actually results in patient death, is likely within the next five years.
It’s a sobering outlook, but it reflects what many in the industry are already seeing: more attacks, more damage, and growing pressure on systems that aren’t built to handle it.
The Threats Are Real and Widespread
In the past year, 80% of healthcare organisations experienced at least one cyberattack. The most common tactics are social engineering (48%) and ransomware (34%). While some attacks cause brief disruptions, others hit harder. More than 25% of organisations say at least half of their sensitive patient data has been put at risk.
What’s more troubling is that many healthcare teams are still relying on outdated infrastructure and understaffed security teams to fend off increasingly sophisticated threats.
Interestingly, 80% of healthcare leaders say they feel confident in their teams’ ability to stop AI-powered cyberattacks. But when you dig deeper, that confidence doesn’t quite hold up.
Nearly 30% don’t regularly train employees to spot or respond to cyber threats. Over half (53%) run phishing simulations. Twenty percent lack an effective incident response plan altogether, and nearly 25% say it could take them up to a month to detect and contain a data breach.
Old Tech, Big Problems
More than half of healthcare leaders (56%) say legacy infrastructure would slow down recovery after a breach. Over 30% admit their tools can’t adequately protect cloud-based data. Despite the rise in digital health tools, many organisations still haven’t adopted advanced security solutions like next-gen endpoint detection or data discovery tools.
In fact, 34% of leaders say they don’t even know what sensitive data is at risk across their network, making proactive defence a serious challenge.
Teams Are Stretched, Compliance Is a Grind
While most healthcare organisations have internal IT and security teams, many are under-resourced. About 20% of leaders say they don’t have enough experienced staff to respond quickly to a cyberattack, and they’re not backed by around-the-clock support, either.
Compliance is another pressure point. Despite looming HIPAA updates, 54% of companies still use manual processes to manage compliance. Staying current with changing regulations is the top challenge for 60% of leaders, and more than half say they simply don’t have the time or resources to keep up.
Despite all of these risks, more than half of healthcare organisations aren’t working with a Managed Security Service Provider (MSSP). The report shows MSSP-supported organisations are faster at detecting threats, better at assessing vulnerabilities, and more prepared for HIPAA requirements.