EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.
At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.
Some health care organizations operate on limited cyber budgets, but that cost could them dearly.
In brief
Health care organizations are increasingly under threat from sophisticated cyber attack.
The average cost of an attack can be millions of dollars and expose sensitive patient and organizational data.
Next-generation SIEMs and data management can provide the enhanced protection needed.
World-class athletes are not defined by physical might alone — they know that perseverance, strategy and an unshakable mindset can overcome any obstacle. And it’s impossible to outrun the competition if you’re not prepared for the race. This is especially true in the modern cyber threat landscape. The EY 2025 Cybersecurity Study highlighted that 51% of C-suite leaders in the health industry (51%) are more likely than C-suite leaders overall (37%) to agree that their organization is not set up to handle the cybersecurity threats of the future. And according to the EY 2024 Human Risk in Cybersecurity Survey, cyber criminals continue to evolve their approach with 60% of cybersecurity leaders reporting encountering AI-driven threats in the past year. These include malware that can morph to evade detection, phishing campaigns more closely mimicking human behaviors and interactions, and bots capable of launching large-scale Distributed Denial of Service (DDoS) attacks.
51%
of health industry C-suite agree that they are not set up to handle future cybersecurity threats
60%
of cybersecurity leaders reported encountering AI-driven threats in the past year
$4.45 million
Is the average damage inflicted from a cyber breach
According to recent numbers from one of the world’s leading tech companies, the average damage inflicted from a cyber breach is now estimated at $4.45 million with health averaging more than twice as much at $9.77 million which is driving C-suite executives to become increasingly focused on maturing their cyber protections. But when operating budgets are constrained and leadership not yet on-board with investment in new cyber protections, what can cyber leaders do across the health care sector to protect their business, patients and care delivery now?
Despite this perfect storm of factors, there are cost-conscious, pragmatic strategies and workarounds to begin building a smarter defense and stronger cyber posture. Here are four priorities for consideration:
Understanding activity across the organizational landscape is vital for effective cybersecurity in healthcare, where the digitization of patient records significantly increases the risk of cyber threats. Comprehensive visibility into network activity enables healthcare organizations to identify vulnerabilities, including those in interconnected medical devices and legacy systems, and detect anomalies in real-time. By employing advanced monitoring techniques such as intrusion detection systems (IDS) and behavioral analytics, providers can scrutinize data flows and user behaviors, allowing for rapid response to potential breaches. Additionally, integrating threat intelligence feeds can enhance situational awareness, enabling organizations to anticipate and mitigate emerging threats. This proactive approach not only fosters a culture of security mindfulness among staff but also reinforces the importance of adhering to regulatory frameworks such as HIPAA.
Security incident and event management (SIEM) solutions have come a long way since the costly, time-consuming on-premises installations of the past. Those required expensive infrastructure and ongoing maintenance and offered limited IoT integrations and high manual investigation and management needs. Today’s next-gen solutions are cloud based and can be onboarded quickly to create visibility over IoT devices, operational technology and crucial IoMT (Internet of Medical Things). With cloud storage, the systems scale quickly and now include AI-driven automation for real-time threat detection and rapid response. It’s possible to mount a far more effective and compliance-ready solution at a fraction of the solution or labor cost.
Sophisticated new solutions are only as good as the quality and governance practices of your data. Drive quality by taking the right steps. Start with optimizing data collection: identify critical logs, firewall, EHR systems and connected medical devices and centralize all logging before considering next-gen SIEM adoption. The best new cloud-based SIEM solutions are designed to integrate into legacy systems, meaning you can get the benefits of advanced protection and AI-driven efficiencies without an escalating budget. Think about starting with a pilot program as you get ready to onboard new SIEM capabilities, beginning with high-risk priorities like remote access systems and privileged accounts.
AI-powered threat detection boosts a remarkably high accuracy and is continuously improving. While the speed and capability are beneficial to organizations, so too is the reduced impact on cyber teams and other workforce members. With AI and automated cybersecurity solutions implemented, workers can eliminate the vast amounts of time previously allocated to manual risk monitoring and focus energies on the most significant and complex threats, further strengthening the organization’s cyber resilience.
Deep Kanaparthi, Manager, Technology Consulting contributed to the writing of this article.
Summary
Waiting to act appropriately to the advancing sophistication of attacks only increases the risk of exposure – and the cost of those attacks. With downtime, sensitive data exposure and the real-time challenges of managing an attack, organizations, labs and care facilities can also risk patient data exposure, fail regulated compliance or lose public trust. But by adopting appropriate data management practices and considering the low-cost flexibility of next-gen SIEM solutions, CISOs across the health care sector can begin long-term protection that starts today.
EY Americas Consumer and Health Cybersecurity Industry Leader
Connector and bridge builder. Passionate about diversity, equity and inclusion. Advocate for women in tech. Wife, mother, good food lover. Value quality time with self and loved ones.
