
Healthcare may be flying too close to the sun

Learn how your healthcare organization can address the growing threat of more insidious cyber-security attacks.

Anurag Rai

Principal, Advisory, Cyber Security Services, KPMG US

+1 312-665-2563

The pandemic has increased pressure on health systems to cut costs and protect margins. However, putting cyber-security programs on the list of potential cost-cutting targets could be a risky proposition.

The increased vulnerability of hospitals, health systems, and physician practices is likely due to changes in how and where healthcare is delivered, as well as the following:

  • As healthcare has the highest industry average cost per incident, threat actors see the value in healthcare data.
  • Virtual working arrangements will likely continue for some healthcare staff, which could increase attack perimeters as sensitive patient information is shared remotely.
  • Although adoption of connected medical devices can be critical to patient care, these technologies could introduce new attack vectors for cyber-criminals.

More insidious acts are on the rise – particularly those involving the introduction of malware through third-party software, as exemplified by the recent SolarWinds attack.

Healthcare organizations are certainly aware that, when it comes to being breached, it is not a matter of if, but when. The financial fallout from incidents is also higher than in other industries. Healthcare boards and audit committees are therefore advocating for more aggressive cyber-security measures, and the healthcare industry is heeding that call: over the next five years, healthcare organizations are expected to invest billions in cyber-security measures, although it is important to note that healthcare’s cyber-security investments still trail many other industries.

This paper seeks to guide your healthcare organization on how to allocate cyber-security budgets to the areas with the most value by: (1) identifying and assessing key areas of vulnerability; (2) establishing our recommended three-lines-of-defense cyber-security approach; (3) balancing response and remediation planning with prevention; and (4) taking first steps to assess cyber maturity and begin to align programs with an increasing threat landscape.
