SUNNYVALE, Calif.--(BUSINESS WIRE)--Proofpoint, Inc., a leading cybersecurity and compliance company, and Ponemon Institute, a top IT security research organization, today released the results of their third annual survey on the effects of cybersecurity in healthcare. The report, “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2024,” finds that 92% of healthcare organizations surveyed experienced at least one cyber attack in the past 12 months, an increase from 88% in 2023, with 69% reporting disruption to patient care as a result.
Among the organizations that suffered the four most common types of attacks – cloud compromise, ransomware, supply chain, and business email compromise (BEC) – 56% reported poor patient outcomes due to delays in procedures and tests, 53% saw an increase in medical procedure complications, and 28% say patient mortality rates increased—an increase of five percentage points over last year.
These findings indicate that healthcare organizations continue to struggle with mitigating the risks these attacks pose to patient safety and well-being.
The report, which surveyed 648 information technology and security practitioners in United States healthcare organizations, found that supply chain attacks are most likely to affect patient care. More than two-thirds (68%) of respondents said their organizations had an attack against their supply chains, of which 82% said it disrupted patient care, an increase from 77% in 2023.
BEC leads the group of attacks most likely to result in poor outcomes due to delayed procedures and tests (69%), followed by ransomware (61%), which was also most likely to result in longer lengths of stay (58%) and increase in patients diverted or transferred to other facilities (52%).
“Our third annual report was conducted to determine if the healthcare industry is making progress in reducing human-centric cybersecurity risks and disruptions to patient care,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “For the third consecutive year, we found that the four types of analyzed attacks show a direct negative impact on patient safety and wellbeing.
The good news, however, is the healthcare industry seems to increasingly recognize the importance cybersecurity plays in patient outcomes; on average, IT budgets have increased, and fewer IT practitioners indicate that budget is a challenge in keeping their organization’s cybersecurity posture from being fully effective.”
Other key findings of the report include:
Ransomware payouts spike, even though concerns about it have declined: More than half (54%) of respondents believe their organizations are vulnerable or highly vulnerable to a ransomware attack, a decline from 64% in 2023. Organizations that had ransomware attacks (59% of respondents) experienced an average of four such attacks over the past two years.
While fewer organizations paid the ransom (36% in 2024 vs. 40% in 2023), the ransom paid spiked 10% to an average of $1,099,200 compared to $995,450 in the previous year.
Insecure mobile apps and cloud/account compromises are considered the greatest cyber threats to healthcare organizations: Concerns about insecure mobile apps (eHealth) have increased to become the top cybersecurity threat in healthcare, increasing from 51% in 2023 to 59% of respondents in 2024. Cloud/account compromise was the second biggest concern (55%), and text messaging was the most attacked collaboration tool (61%) followed by email (59%).
Organizations are less worried about employee-owned mobile devices or BYOD.
More progress needed to reduce insider risk: More than nine in ten organizations surveyed had at least two data loss or exfiltration incidents involving sensitive and confidential data within the past two years. 51% said a data loss or exfiltration incident impacted patient care; of those, 50% experienced increased mortality rates and 37% saw delays in procedures and tests that resulted in poor outcomes.
Over the past two years, organizations experienced an average of 20 such incidents with employees as the primary root cause. Employee negligence because of not following policies (31%), accidental data loss (26%) and employees sending PII and PHI to an unintended recipient via email (21%) were the top three.
The lack of clear leadership is a growing problem and a threat to healthcare’s cyber security posture: While 55% of respondents say their organizations’ lack of in-house expertise is a primary deterrent to achieving a strong cybersecurity posture, the lack of clear leadership as a challenge increased significantly since 2023 from 14% to 49% of respondents.
Not having enough budget decreased from 47% to 40% of respondents in 2024.
Traditional compliance-based security training programs are falling short: Negligent employees pose a significant risk to healthcare organizations. While more organizations (71% in 2024 vs. 65% of respondents in 2023) are taking steps to address the risk of employees’ lack of awareness about cybersecurity threats, are they effective in reducing the risks? Nearly three in five respondents (59%) indicate they conduct regular training and awareness programs.
AI and machine learning in healthcare: For the first time, the impact AI is having on security and patient care was studied. More than half (54%) of respondents say their organizations have embedded AI in cybersecurity (28%) or embedded it in both cybersecurity and patient care (26%). 57% of these respondents say AI is very effective in improving organizations’ cybersecurity posture, and more than one-third (36%) use AI and machine learning to understand human behavior.
“An effective cybersecurity approach centered around stopping human-targeted attacks is crucial for healthcare institutions, not just to protect confidential patient data but also to maintain the highest quality of medical care,” said Ryan Witt, chair, Healthcare Customer Advisory Board at Proofpoint.
“This report underlines that cyber safety is patient safety; protecting healthcare systems and medical data from cyber attacks is critical to ensuring continuity in patient care and avoiding disruption of critical services. And while security awareness is foundational, driving sustained behavior change through programs tailored to specific roles and responsibilities will help support both organizational and patient safety.”
To download Cyber Insecurity in Healthcare: The cost and impact on patient safety and care 2024, please visit: https://www.proofpoint.com/us/resources/threat-reports/ponemon-healthcare-cybersecurity-report
For more information on Proofpoint’s healthcare solutions, please visit: https://www.proofpoint.com/healthcare
About Proofpoint, Inc.
Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks.
Leading organizations of all sizes, including 85% of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.