Report: Cybersecurity Programs Face Challenges from GenAI Risks, Ransomware Attacks

With the rise of artificial intelligence in 2023 and the growing adoption of artificial intelligence in healthcare, more sophisticated cyberattacks are occuring, according to the 2023 HIMSS Cybersecurity Survey Report. The report, which analyzes data collected in 2023, provides a comprehensive snapshot of the current state of cybersecurity in the healthcare industry, shedding light on emerging trends, challenges and areas for improvement.  

The annual survey report provides insight based upon feedback from cybersecurity professionals in the field.  

“The 2023 HIMSS Healthcare Cybersecurity Survey brings us fresh intelligence on what is happening in healthcare cybersecurity and a look at what's ahead with AI as a catalyst for change," said Lee Kim, senior principal of Cybersecurity & Privacy.  

One of the key findings of this latest survey revolves around the cybersecurity risks posed by the widespread reach of generative artificial intelligence due to the reported lack of governance and acceptable use policies for GenAI. 

Around 49.78% of participants revealed that their organizations permit the use of GenAI technology, while roughly one third of participants’ (34.5%) organizations prohibit the use of GenAI. Of the participants whose organizations permit GenAI technology use, 40.71% revealed having an acceptable use policy for GenAI, while 52.21% did not report having any policy in their organization. 

An area of concern also arises from the increase in ransomware attacks in the healthcare sector. Among those affected by ransomware in 2023, approximately 25.93% of respondents admitted to paying the ransom to address the attack. A significant majority (51.85%) chose not to comply with the ransom demands. Notably, one respondent mentioned that their healthcare organization eventually paid the ransom, but only after implementing mitigation measures, including the involvement of a ransomware negotiator. 

Because cybersecurity is an integral part of business, the survey also suggests that cybersecurity be a regular topic that is discussed at every board meeting. Having board oversight of the organization’s cybersecurity posture, major cybersecurity events, and relevant progress are key components to flourishing in today’s business and technical environment, while safeguarding the confidentiality, integrity, and availability of information. 

Read the full 2023 HIMSS Cybersecurity Survey Report to learn more.