Healthcare Cybersecurity Market
Copyright 2022, Faulkner Information Services. All
Publication Date: 2201
Report Type: MARKET
What was once considered absolute – doctor/patient confidentiality – may
become more tenuous as electronic medical records become the
norm. Like any industry, the healthcare sector is struggling with its
obligation to preserve the confidentiality of client (patient) records
while protecting the free flow of information among industry
providers. Regulatory compliance is a major issue for providers, as
is finding a suitable healthcare cybersecurity partner.
- Executive Summary
- Market Dynamics
- Market Leaders
- Market Trends
- Strategic Planning
- Web Links
[return to top of this
“What I may see or hear in
the course of the treatment or even outside of the treatment in regard to
the life of men, which on no account one must spread abroad, I will keep
to myself holding such things shameful to be spoken about.”
– Excerpt from The
From the time of Hippocrates, healthcare data security has been a
persistent concern among doctors and patients, leading to the
establishment of doctor-patient confidentiality as a sacred trust. What
was once considered absolute and automatic however, the protection of
patient records, is becoming more tenuous as electronic medical records
become the norm. Ironically, despite the security implications, this
transition to electronic records has been encouraged by government as both
a cost-cutting measure, since electronic records are cheaper to administer
than their paper counterparts, and a means of improving patient care by
facilitating the exchange of information between members of the healthcare
community, as, for example, from doctors to hospitals to insurance
While reducing overhead, the return on investment for healthcare
providers from electronic medical records is somewhat mitigated by
increased security spending on new and more sophisticated cybersecurity
systems and services, as well as fees for consulting firms hired to ensure
that providers are in compliance with the Health Insurance Portability and
Accountability Act (HIPAA) and other healthcare security and privacy
standards and regulations.
Healthcare Threat Vectors
The major threats facing today’s healthcare providers – which, in many
cases, are the same threats facing providers in other sectors like Finance
- Mobility – an increasing number of healthcare data breaches involve
laptops and other mobile devices.
- Regulations – notably, persistent attempts to “repeal and replace” the
US Affordable Care Act (a.k.a., “Obamacare”), producing an uncertain
- Outdated or poorly-performing IT infrastructure.
- The non-existence – on non-enforcement – of policies governing
encryption, identity and access management, data loss prevention, and
timely patch management.
- New malware strains – especially ransomware variants.
- Less-than-secure cloud services and repositories.
- Targeted theft of personally identifiable information (PII) –
particularly patient records, and especially by insiders.
- Intellectual property piracy – particularly data pertaining to new or
advanced medical devices or systems.
- Poor IT/security governance – including inadequate IT/security
staffing and insufficient IT/security training.
- Telehealth operations – where confidential patient information is
shared over insecure networks.
- Lack of commitment to security among healthcare professionals –
- COVID-19 – specifically, the distractive influence of the pandemic on
healthcare operations, including cybersecurity.
- A target-rich healthcare ecosystem that encompasses patient care
services, medical manufacturing and development, and pharmaceuticals.2,3,4
Healthcare Cybersecurity Services
To effectively manage healthcare cybersecurity threats, there is a
growing consensus among healthcare providers that their primary healthcare
cybersecurity partner should be:
- Well resourced and reputable, of course.
- A major presence in the security services field, perhaps a managed
security services provider (MSSP).
- Knowledgeable about the healthcare industry; ideally, offering a
general healthcare practice that features both security- and
non-security-related healthcare solutions.
[return to top of this
HIPPA Is Serious About Cybersecurity
Figure 1 is part of a US Department of Health and Human Services (HHS)
infographic that prescribes how HIPAA-covered healthcare organizations
should respond to a cyber attack. HIPAA requirements – augmented by basic
business sense – are propelling the healthcare security market.
Figure 1. HHS Cyber Attack Quick Reference Guide
The Healthcare Sector Is Enormous, Hence Healthccare Cybersecurity
Concerns Are Enormous
US healthcare spending accounts for 18 percent (or about one-fifth) of
America’s gross domestic product, about $3.5 trillion annually, according
to the Centers for Medicare & Medicaid Services.
Owing to COVID-19 and its variants, an aging population, and escalating
healthcare delivery costs, healthcare is expected to represent an even
larger share of the nation’s economy over the next decade.
Healthcare officials, therefore, should expect – and provide for –
commensurate increases in healthcare cybersecurity spending.
Healthcare Records Are Especially Vulnerable Owing to Their Inherent
Value and Cloud Accessibility
Analyst Jeff Lagasse reports that healthcare records are targeted by
cyber thieves owing to their inherent value. “Cyberattacks occur largely
because of the high price of stolen healthcare records, which net about
$50 per file on the black market.” Complicating the situation, the Cloud,
which is increasingly the destination of choice for healthcare records, is
a risky environment. “[According] to a McAfee survey, 93 percent of cloud
services are medium- to high-risk, which makes it easier for cyber
attackers to get their hands on patient records.” As one measure of risk,
“The average healthcare organization uploads almost seven terabytes of
data each month, but only 15.4 percent of services have [multi-factor]
authentication support, which is essential in preventing breaches.”5
Amplifying on the Internet threat, Reports and Data, a prominent research
firm, observes that “The healthcare industry progressively depends on …
[technologies that are] connected to the Internet, from patient records
and lab results to radiology equipment and hospital elevators. It has
proved to be lucrative for … patient care, as … it facilitates data
integration, patient engagement, and clinical support. On the other hand,
those technologies are often vulnerable to cyber attacks, which can siphon
off patient data … or shut down an entire hospital until a ransom is
Since the Consequences of Systemic Healthcare IT Failures Can Be
Catastrophic, Ransomware Is Recognized As a Major Threat Vector
The latest – and most disturbing – trend in ransomware proliferation is
the targeting of hospitals and other healthcare facilities – a
particularly perverse form of digital extortion considering how precious
medical resources have become as the COVID-19 pandemic (soon endemic)
continues to spread
As recently reported by Nicole Perlroth in The New York Times,
“St. Lawrence Health System in New York confirmed that two of its
hospitals, Canton-Potsdam and Gouverneur, were hit by ransomware attacks
… that caused them to shut down computer systems and divert ambulances.
Sky Lakes Medical Center in Oregon was also crippled by a ransomware
attack … that froze electronic medical records and delayed surgeries.”7
Due to the Complexity of the Healthcare Ecosystem, Healthcare
Cybersecurity Requires a Holistic Approach
The healthcare data user community is incredibly diverse, with primary
consumers ranging from patients to doctors to HMOs to clinics to hospitals
to pharmacies to insurance companies and beyond. Each user group has
different operational needs, different concerns relative to patient
privacy, and different perspectives on cybersecurity. No single security
solution can satisfy these disparate interests; only a truly holistic
approach that integrates best-of-breed healthcare cybersecurity systems
and services can ensure both the utility and confidentiality of healthcare
The Human Element Plays a Disproportionate Role In Healthcare Data
While the exact figures are unknown, many healthcare providers
acknowledge that an unacceptably large percentage of data breaches are the
results of errors and omissions committed by provider personnel and
Analyst Steve Morgan observes that according to a report analyzed by
Health IT Security, 24 percent of US health employees have never
received cybersecurity awareness training, which is aimed at detecting and
deterring phishing scams, a prominent source of cyber violations.8
Affecting greater cybersecurity demands more than technology; it requires
comprehensive security and cybersecurity awareness training.
The COVID-19 Pandemic Has Produced New Cybersecurity Threats
Hackers have shown no reluctance to exploit to a pandemic-plagued
populace. As evidence:
- The incidence of medical device interference is up, particularly as
patients increasingly rely on remote care.
- Makeshift medical facilities, often featuring makeshift cybersecurity,
have become inviting targets.
- Phishing scams, which falsely reference respected entities like the
World Health Organization (WHO) and the US Centers for Disease Control
and Prevention (CDC), have exploded.9
[return to top of this
Prominent players in the healthcare cybersecurity market space include:
- Kaspersky Lab
- Symantec (Broadcom)
- Trend Micro
For healthcare providers seeking to outsource their cybersecurity
functions, engaging a managed security services provider (MSSP) is an
attractive option. Prominent players include:
One prominent cybersecurity provider, Symantec, advocates organizing
cybersecurity technologies around the US National Institute of Standards
and Technology (NIST) Cybersecurity Framework. The CSF is logically
divided into five “core” functions:
- Identify – Develop an organizational understanding to manage
cybersecurity risk to systems, people, assets, data, and
- Protect – Develop and implement appropriate safeguards to ensure
delivery of critical services.
- Detect – Develop and implement appropriate activities to identify the
occurrence of a cybersecurity event.
- Respond – Develop and implement appropriate activities to take action
regarding a detected cybersecurity incident.
- Recover – Develop and implement appropriate activities to maintain
plans for resilience and to restore any capabilities or services that
were impaired due to a cybersecurity incident.
In a 2018 white paper entitled “Adopting the NIST Cybersecurity Framework
in Healthcare,” Symantec aligns its various cybersecurity technologies
with each of the CSF functions, as illustrated in Table 1.
|Identify||Identify and manage assets||Endpoint Management, Data Loss Prevention (DLP)|
|Discover and classify sensitive information||Data Loss Prevention, Cloud Access Security Broker (CASB)|
|Define business environment and governance||Compliance Automation|
|Risk Assessment and Risk Management||Compliance Automation|
|Protect||Identity Management and Access Control||Multi-factor Authentication, CASB, Proxy|
|Awareness and Training||Compliance Automation, Education Services|
|Data Security||DLP, Encryption, Proxy, CASB|
|Information Protection Policies & Procedures||Compliance Automation, Endpoint Management, DLP, Encryption,
Proxy, CASB, Incident Response
|Maintenance||Endpoint Management, Multi-factor Authentication, Endpoint
|Protective Technology||Advanced Threat Protection (ATP), Multi-factor Authentication,
DLP, Endpoint Protection, CASB
|Detect||Anomalies & Events||Security Services, ATP, E-mail/Web Gateway, Proxy, CASB|
|Security Monitoring||Multi-factor Authentication, Endpoint Protection ATP, E-mail/Web
Gateway, Security Proxy, CASB
|Detection Process||Compliance Automation, ATP, Security Services, Security Analytics|
|Response||Response Planning||Incident Response|
|Communications||Compliance Automation, Security Services, Incident Response|
|Analysis||ATP, Security Services, Incident Response|
|Mitigation||Endpoint Protection, ATP, Proxy, Incident Response|
|Improvements||Endpoint Management, DLLP, Endpoint Protection, ATP, Security
Services, Incident Response
|Recover||Recovery Planning||Compliance Automation, Security Services, Incident Response|
|Improvements||Compliance Automation, Security Services, Incident Response|
[return to top of this
The Two Biggest Healthcare Cybersecurity Trends Are the Cloud and
Already regarded as fixtures in any discussion of healthcare
cybersecurity, in 2022 and beyond the healthcare industry will witness:
- More cloud initiatives – Cloud services are more convenient and
generally cheaper; and
- More ransomware – Healthcare officials are softer targets since they
are understandably inclined to “pay up” given the alternative of
compromised patient care.
The Healthcare Cybersecurity Market Is Booming
According to Research and Markets, the global healthcare cybersecurity
market should reach $28.4 billion by 2027, achieving a compound annual
growth rate (CAGR) of 16.3 percent during the forecast period.11
Healthcare Data Breaches Are Imposing a Significant Financial Burden
In July 2021, “IBM Security … announced the results of a global study
which found that data breaches now cost surveyed companies $4.24 million
per incident on average – the highest cost in the 17-year history of the
[annual] report. Healthcare breaches cost the most by far, at $9.23
million per incident – a $2 million increase over the previous year.”12
The Healthcare Cybersecurity War Is Being Waged at the Network’s Edge
The wholesale embrace of smartphones and other mobile devices, including
tablets and specialized medical equipment, signals an on-going shift in
the healthcare cybersecurity battlefield from the enterprise server room
to the doctor’s lab coat and patient’s pocketbook.
Contactless and RFID Readers Are Being Used for Physical and Logical
Control Access Applications
As one step to improve healthcare cybersecurity, Research and Markets
reports that “contactless and RFID readers are being used for physical and
logical control access applications. For instance, ELATEC readers are used
for securing print management and other healthcare ecosystem
Strategic Planning Implications
[return to top of this
Healthcare Experience Is Key
Cybersecurity is cybersecurity. In most cases, the same technologies and
tools utilized to protect healthcare data are employed to secure
enterprise data in general. In terms of selecting a healthcare
cybersecurity provider, the most important factor is the provider’s
connection to the healthcare industry. Vendors that provide general
healthcare services – in addition to full-function cybersecurity solutions
– are probably best positioned to serve healthcare industry customers.
Better Data, Better Protection
The fight against ransomware is being frustrated due to a lack of vital
information. Owing to public relations, insurance, and other factors,
cyber attacks are under-reported and under-documented, robbing the
healthcare community of the critical intelligence needed to formulate
effective defense plans and implement effective cyber countermeasures.
Regretably, much of the current cyber attack data can be attributed to
information published or leaked by cyber attackers themselves, hardly the
most reliable source.14
Help Wanted: US Government
Analyst Zachary Hendrickson assets “that healthcare’s data breach crisis
won’t be solved without a concerted effort from the US
government. The digital transformation of healthcare has largely been
spurred by US government legislation that ushered in the age of electronic
health records and made possible many of the digital health
innovations we see today.
“But it did not provide a strong enough framework or assistance for how
healthcare organizations ought to transform. And the healthcare data
breach crisis is unlikely to be solved by struggling hospitals
implementing piecemeal cybersecurity plans. Hence, the government may need
to step in to help deliver a better cybersecurity framework amid its push
toward the promises of digital health.”15
Analyst Stephane Duguin concurs. “Governments must take proactive steps
to protect the healthcare sector. They must raise the capacity of their
national law enforcement agencies and judiciary to act in the event of
extraterritorial cases so that threat actors are held to account.”16
A Healthcare Cybersecurity Prescription
Implementing cybersecurity in a healthcare environment offers both
familiar and unfamiliar challenges:
- Familiar in the sense that most cybersecurity best practices – like
encryption – are universal, and apply to all industry categories,
- Unfamiliar in the sense that healthcare data has a broad reach – with
single information elements, like patient records, flowing across
multiple enterprises (from a doctor’s office to a hospital to an
insurance company, for example) in what amounts to a spontaneous supply
The best course (indeed, probably the only course) for healthcare
providers is to focus on their link in the healthcare chain – and to
maximize the protection of healthcare data under their control.
As a prescription for healthcare cybersecurity, providers should:
- Encrypt all healthcare data while at rest or in transit.
Too much data has been compromised by lost or stolen laptops, for
- Implement a robust data access management system featuring
biometric controls. Biometric controls remain the best
insurance against access breaches.
- Conduct regular risk assessments. Although mandated
by HIPAA – but often viewed as an inconvenience – risk assessments help
establish how healthcare data flows in and out of the enterprise. Only
by understanding these dynamics, can healthcare providers erect the
requisite internal cybersecurity controls.
- Train all employees. As David Finn, health
information technology officer at Symantec, reminds us, “At the end of
the day, health information security is about people. The security is
only going to be as strong as the individuals using the systems.”
- Treat healthcare data like trade secrets. When
devising and deploying healthcare cybersecurity measures, healthcare
providers should apply the same controls they would apply in
safeguarding enterprise trade secrets or other proprietary information.
In other words, protecting healthcare data (patient information) should
be priority one.
- Ensure that all healthcare cybersecurity protocols are
consistent with all relevant healthcare cybersecurity and privacy
regulations. HIPAA is the beginning, not the end.
- Finally, do not fly solo. Partner with a healthcare
cybersecurity provider. At the very least, enlist the services of a
well-respected third-party firm to perform an independent audit of
healthcare cybersecurity policies and procedures.
Anticipate New Threat Vectors
Steve Morgan, founder and editor-in-chief at Cybersecurity Ventures,
warns that “The scariest of all cyber [threats to] the healthcare space
may lie ahead. Researchers in Israel announced [in 2019] that they’d
created a computer virus capable of adding tumors into CT and MRI scans –
malware designed to fool doctors into misdiagnosing high-profile patients,
according to a story by Kim Zetter in the Washington Post.”17
Healthcare personnel must be vigilant in assessing the validity of
clinical data, allowing for the possibility of cyber-enabled data
[return to top of this
About the Author
[return to top of this
James G. Barr is a leading business continuity analyst
and business writer with more than 40 years’ IT experience. A member of
“Who’s Who in Finance and Industry,” Mr. Barr has designed, developed, and
deployed business continuity plans for a number of Fortune 500 firms. He
is the author of several books, including How to Succeed in Business
BY Really Trying, a member of Faulkner’s Advisory Panel, and a
senior editor for Faulkner’s Security Management Practices.
Mr. Barr can be reached via e-mail at email@example.com.
[return to top of this