Reviewing the State of Healthcare Cybersecurity in 2024: 10 Key Takeaways from the Ponemon Institute Report

92% of surveyed organizations experienced at least one cyber attack in the last 12 months, according to Ponemon’s “The 2024 Study on Cyber Insecurity in Healthcare: The Cost and Impact on Patient Care and Safety.” On its own, this number is a cause for concern, especially as healthcare delivery organizations (HDOs) increasingly rely on cloud-delivered services, including Internet of Things (IoT) and Internet of Medical Things (IoMT) devices managed by Software-as-a-Service (SaaS) applications.

At a high level, the report outlines the link between data protection and patient health outcomes. As HDOs adopt new technologies intended to improve patient care, the devices, data, and connected applications become high-value targets for cybercriminals. An inability to access patient data across interoperable systems impacts more than just information. It impacts patient health. 

These data points provide helpful insights heading into 2025 – especially when viewed through the lens of medical device and IoT security. As HDOs ramp up cybersecurity best practices and review critical compliance standards, securing attack vectors such as connected medical devices will play an important role in protecting patient health outcomes. 

1. Cyberattacks Disrupted Patient Care at Nearly 70% of HDOs

    Unlike most other services, healthcare security directly impacts people’s lives and well-being. Modern HDOs increasingly rely on connected devices to manage patient care. From the moment patients walk through the door, their care relies on various technologies, including:

    • Tablets for entering new patient information
    • Hand-held diagnostic tools
    • Connected heart monitors
    • Infusion pumps

    A security incident that requires the HDO to take networks offline means that these devices can no longer function as intended, disrupting patient care.

2. 50% of HDOs Surveyed Said Data Loss or Exfiltration Increased Mortality Rate

    When HDOs experience a data loss or exfiltration incident, they need to worry about more than just breach notification requirements for the patients impacted. They have more immediate concerns related to patients' physical health. The health outcomes of a data loss or exfiltration incident have also included:

    • Delays in procedures and tests (37%)
    • Increased complications from procedures (34%)
    • Increased number of patients transferred or diverted to other facilities (33%)
    • Longer stay (21%)

    Accurate data is critical to ensuring patient health. If the data loss event impacts the patient’s medical and prescription histories, then helpful procedures could turn dangerous. For example, a medication to help regulate blood sugar could interfere with anesthesia. Without access to accurate patient records, a procedure may need to be delayed or the patient could have an adverse reaction.

3. 54% of HDOs are Most Concerned About Insecure Medical Devices

    Medical devices present unique challenges for HDOs in the quest to secure their entire networked ecosystem, as many of these devices cannot be secured through traditional IT methods. Some examples of different medical devices that could fall into this category include:

    • Imaging technologies, like MRI machines, that run outdated, unsupported operating systems like Windows 7 or Windows XP
    • Implantable medical devices, including drug-delivery systems
    • Connected medical equipment, like anesthesia machines and patient monitors

    Imaging machines running outdated operating systems were never intended to connect to the internet, meaning that they lack any inherent security controls. However, they are intended as long-term capital investments, meaning that they are not replaced often. Meanwhile, newer connected devices come with different security concerns as no set security standard exists for manufacturing IoT and IoMT devices. In 2025, organizations should seek out solutions that can safely secure these devices to reduce organizational risk.

4. The Average Cost of a Healthcare Cybersecurity Compromise in 2024 was $1.47 Million, Proving to be the Most Costly Disruption to Healthcare Operations

    For the average business, disrupted service availability impacts customer satisfaction and workforce productivity. However, in the healthcare world, these disruptions impact overall ability to provide appropriate patient care, often creating additional issues like:

    • Rescheduling or canceling procedures
    • Inability to complete procedures in process at the time the disruption takes place
    • Inaccurate diagnostics or monitoring for current patients

    According to the research, the top five costs related to a healthcare cybersecurity compromise were:

    • $1,469,524: Disruption to normal healthcare operations caused by system availability problems
    • $995,484: Users’ idle time and lost productivity because of downtime or system performance delays
    • $853,272: Time required to ensure the impact on patient care is corrected
    • $711,060: Damage or theft of IT assets and infrastructure
    • $711,060: Remediation & technical support activities, including forensic investigations, incident response activities, help desk and delivery of services to patients

    When healthcare organizations can rapidly respond to security incidents, they can limit the incident’s impact on patient care and financial stability. To do this, they need granular visibility into their network traffic.

5. 55% Believe That AI-Based Security Technologies Will Improve IT Security Personnel’s Productivity

    Artificial intelligence (AI) is critical to security and healthcare outcomes. As HDOs seek to improve security, they have embraced artificial intelligence. According to the research:

    • 28% embed AI in security
    • 26% plan to adopt AI in the future

    Some ways of using AI to improve security personnel productivity include:

    • Improving alert accuracy
    • Analyzing user and device behavior
    • Generating risk scores and metrics for managing cybersecurity

    As HDOs implement their budgets going forward into 2025, they will likely consider how technologies integrate and enhance their overarching AI capabilities. AI should be adopted with caution, as many AI technologies are still in nascent stages. Partnering with cybersecurity organizations that have strict protocols in place to maintain their AI technology should remain a best practice for HDOs.

6. 48% of HDOs are Shifting Focus to Preventing Attacks Against Medical Devices

    While medical device security is the third most important initiative reported by HDOs in the report, the top two concerns also involve medical devices. Ahead of medical devices, HDOs are concentrating on:

    • Cloud/account compromises (67%)
    • Ransomware (65%)

    For many organizations, these top three concerns are highly intertwined. For example, many connected devices can connect to a cloud account that could be compromised, and cybercriminals can use vulnerable medical devices as entryways for delivering ransomware. As healthcare organizations tackle these three issues, they need interconnected data to fully understand risk.

7. 55% of HDOs Say the Lack of In-House Expertise Prevents the Security Program from Being Fully Effective

    Lacking in-house expertise is a part of a larger set of interrelated problems, as evidenced by the rest of the data that includes:

    • Lack of clear leadership (49%)
    • Insufficient staffing (42%)
    • Insufficient budget (40%)
    • Lack of cross-functional collaboration (40%)

    These issues create an overarching cycle that makes healthcare cybersecurity even more challenging. Lack of internal expertise means that no single person has comprehensive knowledge to manage the overarching security function, especially since networking and device management are increasingly critical to protecting data. Meanwhile, without clear leadership, the different budgets and staffing are split across the various functions that have difficulty collaborating. For many HDOs, staff augmentation can be a cost-effective and productivity-boosting initiative. Partnering with a cybersecurity technology organization that also offers professional risk reduction services can ensure better implementation of cybersecurity programs.

8. 52% of Respondents Indicate that Patch and Vulnerability Management is the Second Most Important Security Method Used to Reduce Phishing and Email-Based Attacks

    Antivirus/antimalware solutions were the number one most important method, coming in at 53% to barely eke out the win. However, as HDOs expand their investment in IoT and IoMT, the reliance on antivirus/antimalware technologies creates a security weakness. IoT and IoMT devices have limited processing power, which makes installing and running antivirus/antimalware software challenging.

    Additionally, as HDOs improve their patch and vulnerability management programs, they need to consider their IoT/IoMT device fleets. Many traditional vulnerability scanners use active scanning techniques that can take the IoT/IoMT devices offline. Without passive scanning technologies for identifying vulnerabilities in IoT/IoMT, HDOs will still have a security gap.

9. 46% of HDOs Rely on Encryption to Protect Data-in-Transit

    Encrypting data mitigates risks arising from attackers gaining access to networks, but it fails to provide comprehensive data protection. Recognizing this, HDOs supplement data-in-transit encryption with the following:

    • 44% use cloud security tools
    • 41% encrypt data-at-rest
    • 36% use a unified data loss prevention platform

    These protections only work for traditional technologies. IoT and IoMT devices both manage and transmit sensitive data, including electronic protected health information (ePHI). However, they rarely encrypt data stored on them. Further, cloud security tools and data loss prevention platforms may fail to adequately identify information leaked from these devices.

10. Over 50% Use a Combination of Tools to Prevent Lateral Movement Across Networks

    Identity and access management (IAM) and privileged access management (PAM) respond to traditional user access issues, like gaining unauthorized access to applications, and have been widely adopted as part of an HDO’s overall risk reduction strategy. However, this focus on IAM and PAM overlooks the problems that remote access to IoT and IoMT devices can pose. Many of these devices lack robust authentication, like multi-factor authentication (MFA), because of their design.

    Further, IAM and PAM may show that someone with authorized credentials gained access to networks, but they fail to incorporate information about the devices used or how these people use their access. Looking deeper into the survey results, these issues can create blind spots, as fewer than 40% of HDOs use device and network monitoring to gain insights:

    • 39% use endpoint protection
    • 35% use intrusion detection and prevention systems
    • 33% use user and entity behavior analytics

    To secure all access points, HDOs should consider technologies that give them deeper insights into both endpoint security and network activity, including the ability to understand device communications.

Asimily: Bringing IoT and IoMT Security into Focus

With Asimily’s patented vulnerability prioritization capabilities, you gain holistic visibility into all medical devices connected to your networks so that your HTM, IT, and security teams can begin working toward a comprehensive security program.

HDOs efficiently identify high-risk vulnerabilities with our proprietary, patented algorithm that cross-references vast amounts of data from resources like Manufacturer Disclosure Statements for Medical Device Security (MDS2s), Software Bills of Material (SBOMs), Common Vulnerability and Exposure (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment so that our deep contextual recommendation engine can provide real-time, actionable remediation steps to reduce risk and save time.

By leveraging Asimily’s advanced Vulnerability Prioritization and Management and Incident Response capabilities, you can mature your IoMT security risk management program. Schedule a consultation with an Asimily expert to see how you can efficiently prioritize and remediate vulnerabilities with the leading IoMT risk management platform.
