the health
transformation
knowledge portal
Joaquim Cardoso MSc
March 8, 2024
This summary is based on the article “It is time do elevate cybersecurity to the CEO Agenda”, published by Oliver Wyman and written by Jim Fields, Paul Mee, and Nikhil Sarathion.
What is the message?
The recent cyberattack on Change Healthcare underscores the urgent need to prioritize cybersecurity as a critical business imperative within healthcare organizations.
CEOs and COOs must lead this charge, recognizing that cybersecurity impacts every facet of an organization’s operations, finances, and patient care.
ONE PAGE SUMMARY
What are the key points?
Change Healthcare Incident: The cyberattack on Change Healthcare, labeled as the most significant in US healthcare history, disrupted critical functions, highlighting the far-reaching consequences of cybersecurity breaches.
Sector-wide Vulnerabilities: The healthcare sector faces escalating cyber threats, with attacks becoming more frequent, sophisticated, and costly. Patient data is a lucrative target on the black market.
Focusing on Business Resiliency: Despite the increasing risks, many healthcare organizations struggle to allocate sufficient resources to cybersecurity. However, the cost of inaction far exceeds the investment needed to bolster defenses.
A 5-step Resiliency Program: A proactive approach to cybersecurity involves assessing vulnerabilities, educating employees, planning responses, implementing robust technical controls, and fostering collaboration within the industry and with external partners.
Elevating Cybersecurity: CEOs and COOs must embed resilience planning into strategic decision-making processes, ensuring that cybersecurity is a corporate priority and that all stakeholders are engaged in mitigating cyber risks.
What are the key statistics?
Healthcare organizations spend an average of 7% or less of their IT budget on cybersecurity.
Cyberattacks costing organizations $10 million or more are increasingly common.
Patient data can fetch up to $1,000 on the black market, making it a prime target for cybercriminals.
What are the key examples?
The Change Healthcare cyberattack disrupted operations across the industry, affecting claims processing, provider reimbursements, and patient care.
Ann and Robert H. Lurie Children’s Hospital of Chicago experienced similar challenges during a cyberattack, underscoring the widespread vulnerabilities in healthcare.
Conclusion
To mitigate the growing cyber threats facing the healthcare sector, CEOs and COOs must prioritize cybersecurity as a business imperative.
By investing in resiliency planning, fostering collaboration, and elevating cybersecurity to the corporate agenda, organizations can minimize disruptions and protect patient care, financial stability, and operational continuity.
It’s imperative for healthcare leaders to act decisively to safeguard their organizations and the broader healthcare system from cyber threats.
To read the original publication, click here.
