Healthcare Cybersecurity Market

by James G. Barr

Docid: 00021351

Publication Date: 2201

Report Type: MARKET


What was once considered absolute – doctor/patient confidentiality – may
become more tenuous as electronic medical records become the
norm. Like any industry, the healthcare sector is struggling with its
obligation to preserve the confidentiality of client (patient) records
while protecting the free flow of information among industry
providers. Regulatory compliance is a major issue for providers, as
is finding a suitable healthcare cybersecurity partner.

Executive Summary

“What I may see or hear in
the course of the treatment or even outside of the treatment in regard to
the life of men, which on no account one must spread abroad, I will keep
to myself holding such things shameful to be spoken about.”

– Excerpt from The
Hippocratic Oath1

From the time of Hippocrates, healthcare data security has been a
persistent concern among doctors and patients, leading to the
establishment of doctor-patient confidentiality as a sacred trust.
However, the protection of patient records, once considered absolute and
automatic, is becoming more tenuous as electronic medical records
become the norm. Ironically, despite the security implications, this
transition to electronic records has been encouraged by government as both
a cost-cutting measure, since electronic records are cheaper to administer
than their paper counterparts, and a means of improving patient care by
facilitating the exchange of information between members of the healthcare
community, as, for example, from doctors to hospitals to insurance

While electronic medical records reduce overhead, the return on
investment for healthcare providers is somewhat offset by
increased security spending on new and more sophisticated cybersecurity
systems and services, as well as fees for consulting firms hired to ensure
that providers are in compliance with the Health Insurance Portability and
Accountability Act (HIPAA) and other healthcare security and privacy
standards and regulations.

Healthcare Threat Vectors

The major threats facing today’s healthcare providers – which, in many
cases, are the same threats facing providers in other sectors like Finance
– are:

  1. Mobility – an increasing number of healthcare data breaches involve
    laptops and other mobile devices.
  2. Regulations – notably, persistent attempts to “repeal and replace” the
    US Affordable Care Act (a.k.a., “Obamacare”), producing an uncertain
    regulatory environment.
  3. Outdated or poorly-performing IT infrastructure.
  4. The non-existence – or non-enforcement – of policies governing
    encryption, identity and access management, data loss prevention, and
    timely patch management.
  5. New malware strains – especially ransomware variants.
  6. Less-than-secure cloud services and repositories.
  7. Targeted theft of personally identifiable information (PII) –
    particularly patient records, and especially by insiders.
  8. Intellectual property piracy – particularly data pertaining to new or
    advanced medical devices or systems.
  9. Poor IT/security governance – including inadequate IT/security
    staffing and insufficient IT/security training.
  10. Telehealth operations – where confidential patient information is
    shared over insecure networks.
  11. Lack of commitment to security among healthcare professionals –
    particularly clinicians.
  12. COVID-19 – specifically, the distractive influence of the pandemic on
    healthcare operations, including cybersecurity.
  13. A target-rich healthcare ecosystem that encompasses patient care
    services, medical manufacturing and development, and pharmaceuticals.2,3,4

Healthcare Cybersecurity Services

To effectively manage healthcare cybersecurity threats, there is a
growing consensus among healthcare providers that their primary healthcare
cybersecurity partner should be:

  • Well resourced and reputable, of course.
  • A major presence in the security services field, perhaps a managed
    security services provider (MSSP).
  • Knowledgeable about the healthcare industry; ideally, offering a
    general healthcare practice that features both security- and
    non-security-related healthcare solutions.

Market Dynamics

HIPAA Is Serious About Cybersecurity

Figure 1 is part of a US Department of Health and Human Services (HHS)
infographic that prescribes how HIPAA-covered healthcare organizations
should respond to a cyber attack. HIPAA requirements – augmented by basic
business sense – are propelling the healthcare security market.

Figure 1. HHS Cyber Attack Quick Reference Guide


The Healthcare Sector Is Enormous, Hence Healthcare Cybersecurity
Concerns Are Enormous

US healthcare spending accounts for 18 percent (or about one-fifth) of
America’s gross domestic product, about $3.5 trillion annually, according
to the Centers for Medicare & Medicaid Services.

Owing to COVID-19 and its variants, an aging population, and escalating
healthcare delivery costs, healthcare is expected to represent an even
larger share of the nation’s economy over the next decade.

Healthcare officials, therefore, should expect – and provide for –
commensurate increases in healthcare cybersecurity spending.

Healthcare Records Are Especially Vulnerable Owing to Their Inherent
Value and Cloud Accessibility

Analyst Jeff Lagasse reports that healthcare records are targeted by
cyber thieves owing to their inherent value. “Cyberattacks occur largely
because of the high price of stolen healthcare records, which net about
$50 per file on the black market.” Complicating the situation, the Cloud,
which is increasingly the destination of choice for healthcare records, is
a risky environment. “[According] to a McAfee survey, 93 percent of cloud
services are medium- to high-risk, which makes it easier for cyber
attackers to get their hands on patient records.” As one measure of risk,
“The average healthcare organization uploads almost seven terabytes of
data each month, but only 15.4 percent of services have [multi-factor]
authentication support, which is essential in preventing breaches.”5

Amplifying on the Internet threat, Reports and Data, a prominent research
firm, observes that “The healthcare industry progressively depends on …
[technologies that are] connected to the Internet, from patient records
and lab results to radiology equipment and hospital elevators. It has
proved to be lucrative for … patient care, as … it facilitates data
integration, patient engagement, and clinical support. On the other hand,
those technologies are often vulnerable to cyber attacks, which can siphon
off patient data … or shut down an entire hospital until a ransom is

Since the Consequences of Systemic Healthcare IT Failures Can Be
Catastrophic, Ransomware Is Recognized As a Major Threat Vector

The latest – and most disturbing – trend in ransomware proliferation is
the targeting of hospitals and other healthcare facilities – a
particularly perverse form of digital extortion considering how precious
medical resources have become as the COVID-19 pandemic (soon endemic)
continues to spread

As recently reported by Nicole Perlroth in The New York Times,
“St. Lawrence Health System in New York confirmed that two of its
hospitals, Canton-Potsdam and Gouverneur, were hit by ransomware attacks
… that caused them to shut down computer systems and divert ambulances.
Sky Lakes Medical Center in Oregon was also crippled by a ransomware
attack … that froze electronic medical records and delayed surgeries.”7

Due to the Complexity of the Healthcare Ecosystem, Healthcare
Cybersecurity Requires a Holistic Approach

The healthcare data user community is incredibly diverse, with primary
consumers ranging from patients to doctors to HMOs to clinics to hospitals
to pharmacies to insurance companies and beyond. Each user group has
different operational needs, different concerns relative to patient
privacy, and different perspectives on cybersecurity. No single security
solution can satisfy these disparate interests; only a truly holistic
approach that integrates best-of-breed healthcare cybersecurity systems
and services can ensure both the utility and confidentiality of healthcare

The Human Element Plays a Disproportionate Role In Healthcare Data

While the exact figures are unknown, many healthcare providers
acknowledge that an unacceptably large percentage of data breaches are the
results of errors and omissions committed by provider personnel and

Analyst Steve Morgan observes that according to a report analyzed by
Health IT Security, 24 percent of US health employees have never
received cybersecurity awareness training, which is aimed at detecting and
deterring phishing scams, a prominent source of cyber violations.8

Effecting greater cybersecurity demands more than technology; it requires
comprehensive security and cybersecurity awareness training.

The COVID-19 Pandemic Has Produced New Cybersecurity Threats

Hackers have shown no reluctance to exploit a pandemic-plagued
populace. As evidence:

  • The incidence of medical device interference is up, particularly as
    patients increasingly rely on remote care.
  • Makeshift medical facilities, often featuring makeshift cybersecurity,
    have become inviting targets.
  • Phishing scams, which falsely reference respected entities like the
    World Health Organization (WHO) and the US Centers for Disease Control
    and Prevention (CDC), have exploded.9

Market Leaders

Prominent players in the healthcare cybersecurity market space include:

  • Cisco
  • FireEye
  • IBM
  • Kaspersky Lab
  • McAfee
  • Symantec (Broadcom)
  • Trend Micro

For healthcare providers seeking to outsource their cybersecurity
functions, engaging a managed security services provider (MSSP) is an
attractive option. Prominent players include:

  • Accenture
  • AT&T
  • Capgemini
  • Deloitte
  • Fujitsu
  • IBM
  • NTT
  • Secureworks
  • Trustwave
  • Verizon


One prominent cybersecurity provider, Symantec, advocates organizing
cybersecurity technologies around the US National Institute of Standards
and Technology (NIST) Cybersecurity Framework. The CSF is logically
divided into five “core” functions:

  • Identify – Develop an organizational understanding to manage
    cybersecurity risk to systems, people, assets, data, and
  • Protect – Develop and implement appropriate safeguards to ensure
    delivery of critical services. 
  • Detect – Develop and implement appropriate activities to identify the
    occurrence of a cybersecurity event.
  • Respond – Develop and implement appropriate activities to take action
    regarding a detected cybersecurity incident.
  • Recover – Develop and implement appropriate activities to maintain
    plans for resilience and to restore any capabilities or services that
    were impaired due to a cybersecurity incident.

In a 2018 white paper entitled “Adopting the NIST Cybersecurity Framework
in Healthcare,” Symantec aligns its various cybersecurity technologies
with each of the CSF functions, as illustrated in Table 1.

Table 1. NIST CSF Functions and Their Associated Symantec Technologies

| NIST Function | Protection | Symantec Technologies |
|---|---|---|
| Identify | Identify and manage assets | Endpoint Management, Data Loss Prevention (DLP) |
| | Discover and classify sensitive information | Data Loss Prevention, Cloud Access Security Broker (CASB) |
| | Define business environment and governance | Compliance Automation |
| | Risk Assessment and Risk Management | Compliance Automation |
| Protect | Identity Management and Access Control | Multi-factor Authentication, CASB, Proxy |
| | Awareness and Training | Compliance Automation, Education Services |
| | Data Security | DLP, Encryption, Proxy, CASB |
| | Information Protection Policies & Procedures | Compliance Automation, Endpoint Management, DLP, Encryption, Proxy, CASB, Incident Response |
| | Maintenance | Endpoint Management, Multi-factor Authentication, Endpoint Protection, CASB |
| | Protective Technology | Advanced Threat Protection (ATP), Multi-factor Authentication, DLP, Endpoint Protection, CASB |
| Detect | Anomalies & Events | Security Services, ATP, E-mail/Web Gateway, Proxy, CASB |
| | Security Monitoring | Multi-factor Authentication, Endpoint Protection ATP, E-mail/Web Gateway, Security Proxy, CASB |
| | Detection Process | Compliance Automation, ATP, Security Services, Security Analytics |
| Response | Response Planning | Incident Response |
| | Communications | Compliance Automation, Security Services, Incident Response |
| | Analysis | ATP, Security Services, Incident Response |
| | Mitigation | Endpoint Protection, ATP, Proxy, Incident Response |
| | Improvements | Endpoint Management, DLP, Endpoint Protection, ATP, Security Services, Incident Response |
| Recover | Recovery Planning | Compliance Automation, Security Services, Incident Response |
| | Improvements | Compliance Automation, Security Services, Incident Response |
| | Communications | Compliance Automation |

Source: Symantec10

The Two Biggest Healthcare Cybersecurity Trends Are the Cloud and

The cloud and ransomware are already fixtures in any discussion of
healthcare cybersecurity. In 2022 and beyond, the healthcare industry will
witness:

  • More cloud initiatives – Cloud services are more convenient and
    generally cheaper; and
  • More ransomware – Healthcare officials are softer targets since they
    are understandably inclined to “pay up” given the alternative of
    compromised patient care.

The Healthcare Cybersecurity Market Is Booming

According to Research and Markets, the global healthcare cybersecurity
market should reach $28.4 billion by 2027, achieving a compound annual
growth rate (CAGR) of 16.3 percent during the forecast period.11

Healthcare Data Breaches Are Imposing a Significant Financial Burden

In July 2021, “IBM Security … announced the results of a global study
which found that data breaches now cost surveyed companies $4.24 million
per incident on average – the highest cost in the 17-year history of the
[annual] report. Healthcare breaches cost the most by far, at $9.23
million per incident – a $2 million increase over the previous year.”12

The Healthcare Cybersecurity War Is Being Waged at the Network’s Edge

The wholesale embrace of smartphones and other mobile devices, including
tablets and specialized medical equipment, signals an on-going shift in
the healthcare cybersecurity battlefield from the enterprise server room
to the doctor’s lab coat and patient’s pocketbook.

Contactless and RFID Readers Are Being Used for Physical and Logical
Control Access Applications

As one step to improve healthcare cybersecurity, Research and Markets
reports that “contactless and RFID readers are being used for physical and
logical control access applications. For instance, ELATEC readers are used
for securing print management and other healthcare ecosystem

Strategic Planning Implications

Healthcare Experience Is Key

Cybersecurity is cybersecurity. In most cases, the same technologies and
tools utilized to protect healthcare data are employed to secure
enterprise data in general. In terms of selecting a healthcare
cybersecurity provider, the most important factor is the provider’s
connection to the healthcare industry. Vendors that provide general
healthcare services – in addition to full-function cybersecurity solutions
– are probably best positioned to serve healthcare industry customers.

Better Data, Better Protection

The fight against ransomware is being frustrated due to a lack of vital
information. Owing to public relations, insurance, and other factors,
cyber attacks are under-reported and under-documented, robbing the
healthcare community of the critical intelligence needed to formulate
effective defense plans and implement effective cyber countermeasures.
Regrettably, much of the current cyber attack data can be attributed to
information published or leaked by cyber attackers themselves, hardly the
most reliable source.14

Help Wanted: US Government

Analyst Zachary Hendrickson asserts “that healthcare’s data breach crisis
won’t be solved without a concerted effort from the US
government. The digital transformation of healthcare has largely been
spurred by US government legislation that ushered in the age of electronic
health records and made possible many of the digital health
innovations we see today.

“But it did not provide a strong enough framework or assistance for how
healthcare organizations ought to transform. And the healthcare data
breach crisis is unlikely to be solved by struggling hospitals
implementing piecemeal cybersecurity plans. Hence, the government may need
to step in to help deliver a better cybersecurity framework amid its push
toward the promises of digital health.”15

Analyst Stephane Duguin concurs. “Governments must take proactive steps
to protect the healthcare sector. They must raise the capacity of their
national law enforcement agencies and judiciary to act in the event of
extraterritorial cases so that threat actors are held to account.”16

A Healthcare Cybersecurity Prescription

Implementing cybersecurity in a healthcare environment offers both
familiar and unfamiliar challenges:

  • Familiar in the sense that most cybersecurity best practices – like
    encryption – are universal, and apply to all industry categories,
    including healthcare.
  • Unfamiliar in the sense that healthcare data has a broad reach – with
    single information elements, like patient records, flowing across
    multiple enterprises (from a doctor’s office to a hospital to an
    insurance company, for example) in what amounts to a spontaneous supply

The best course (indeed, probably the only course) for healthcare
providers is to focus on their link in the healthcare chain – and to
maximize the protection of healthcare data under their control.

As a prescription for healthcare cybersecurity, providers should:

  1. Encrypt all healthcare data while at rest or in transit.
    Too much data has been compromised by lost or stolen laptops, for
  2. Implement a robust data access management system featuring
    biometric controls. Biometric controls remain the best
    insurance against access breaches.
  3. Conduct regular risk assessments. Mandated by HIPAA, but often
    viewed as an inconvenience, risk assessments help
    establish how healthcare data flows in and out of the enterprise. Only
    by understanding these dynamics can healthcare providers erect the
    requisite internal cybersecurity controls.
  4. Train all employees. As David Finn, health
    information technology officer at Symantec, reminds us, “At the end of
    the day, health information security is about people. The security is
    only going to be as strong as the individuals using the systems.”
  5. Treat healthcare data like trade secrets. When
    devising and deploying healthcare cybersecurity measures, healthcare
    providers should apply the same controls they would apply in
    safeguarding enterprise trade secrets or other proprietary information.
    In other words, protecting healthcare data (patient information) should
    be priority one.
  6. Ensure that all healthcare cybersecurity protocols are
    consistent with all relevant healthcare cybersecurity and privacy
    . HIPAA is the beginning, not the end.
  7. Finally, do not fly solo. Partner with a healthcare
    cybersecurity provider. At the very least, enlist the services of a
    well-respected third-party firm to perform an independent audit of
    healthcare cybersecurity policies and procedures.

Anticipate New Threat Vectors

Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures,
warns that “The scariest of all cyber [threats to] the healthcare space
may lie ahead. Researchers in Israel announced [in 2019] that they’d
created a computer virus capable of adding tumors into CT and MRI scans –
malware designed to fool doctors into misdiagnosing high-profile patients,
according to a story by Kim Zetter in the Washington Post.”17

Healthcare personnel must be vigilant in assessing the validity of
clinical data, allowing for the possibility of cyber-enabled data


About the Author

James G. Barr is a leading business continuity analyst
and business writer with more than 40 years’ IT experience. A member of
“Who’s Who in Finance and Industry,” Mr. Barr has designed, developed, and
deployed business continuity plans for a number of Fortune 500 firms. He
is the author of several books, including How to Succeed in Business
BY Really Trying, a member of Faulkner’s Advisory Panel, and a
senior editor for Faulkner’s Security Management Practices.
Mr. Barr can be reached via e-mail at
