KnowBe4 (www.KnowBe4.com), the provider of the world’s largest security awareness training and simulated phishing platform, has released its International Healthcare Report. The report delves into the current cybersecurity crisis facing the healthcare sector, particularly hospital groups worldwide.
In 2023, Africa experienced the highest average number of weekly cyberattacks per organization globally. One out of every 19 organizations on the continent faced an attempted attack every week. While South Africa’s healthcare sector has been fortunate to avoid a major attack since 2020, the increasing frequency of attacks in other sectors in the country suggests that a future attack is inevitable, making it a question of “when” rather than “if”.
Hospitals have increasingly become prime targets for ransomware attacks due to their extensive patient databases, sensitive information, and interconnected systems and equipment. Inadequate security measures have left hospitals vulnerable to cyber threats. In the event of an attack, cybercriminals could potentially take control of entire hospital systems, gaining access to not only patients’ health information but also their financial and insurance data.
Cyberattacks severely impact hospitals, leading to reduced patient care, loss of electronic system access, and a reliance on incomplete paper records. This can result in the cancellation of medical procedures, tests, appointments, and in some cases, loss of life.
Key points highlighted in the report include:
– The global healthcare sector experienced 1,613 cyberattacks per week in the first three quarters of 2023, almost four times the global average and significantly higher than the previous year.
– Healthcare has seen a substantial increase in cyberattack costs over the past three years, with the average breach cost nearing $11 million, three times more than the global average, making it the costliest sector for cyberattacks.
– Ransomware attacks have been the dominant type of cyberattack on healthcare organizations, constituting over 70% of successful attacks in the last two years.
– Between 79% and 91% of cyberattacks, across sectors, originate from phishing or social engineering tactics, granting cybercriminals access to accounts or servers.
– According to KnowBe4’s 2024 Phishing by Industry Benchmarking Report, healthcare and pharmaceutical organizations are among the most susceptible to phishing attacks, with a 51.4% likelihood of employees falling victim to a phishing email in large organizations within the sector.
KnowBe4 CEO Stu Sjouwerman states, “The healthcare sector remains a prime target for cybercriminals seeking to exploit the life-or-death situations hospitals face. With patient data and critical systems at risk, many hospitals feel compelled to pay hefty ransoms. Prioritizing comprehensive security awareness training can empower employees, fostering a positive security culture as a robust defense against phishing and social engineering attacks.”
The report examines cybersecurity in the healthcare sector across North America, Europe, the United Kingdom, Asia-Pacific, Africa, and Latin America. It also explores significant global ransomware attacks that took place between December 2023 and May 2024, their aftermath, and strategies for healthcare organizations to safeguard against cyber threats.
Distributed by APO Group on behalf of KnowBe4.
About KnowBe4:
KnowBe4, provider of the world’s largest security awareness training and simulated phishing platform, serves over 65,000 organizations globally. Founded by IT and data security expert Stu Sjouwerman, KnowBe4 aids organizations in addressing the human element of security by raising awareness of ransomware, CEO fraud, and other social engineering tactics through a modern approach to security training. The late Kevin Mitnick, globally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, contributed to designing the training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as the final line of defense, trusting the platform to bolster their security culture and mitigate human risk.