Cybersecurity spending will likely continue to take over the IT budget in the coming year as threats become more sophisticated, according to a Nov. 13 report from Moody's.
"The increasing digitization of the sector means the risk-mitigation strategies will remain a priority, necessitating continuous investment in cybersecurity," according to the report. "Spending by healthcare providers on cybersecurity management will continue to rise, with cyber spending as a percentage of total technology budgets climbing to an estimated 7% in 2023 from 5% in 2019."
Here are four takeaways from the report:
1. Multi-factor authentication and a strong incidence response plan will be essential to protect data and continue operations while offline if an attack occurs.
2. Using third-party software vendors for clinical, operational and revenue cycle functions adds risk; after the attack on Change Healthcare in early 2024 health systems had to engage alternative liquidity sources.
3. Health systems with stronger cash reserves are in a better position to navigate the possible disruptions to clinical care and operations from a cyberattack.
4. Moody's expects hospitals will continue to purchase cyberinsurance at a high rate as the number of class action lawsuits and claims increase. But trends in the size and volume of ransomware attacks may mean cyber insurance products are less profitable.
"The result effect includes insurers imposing more rigorous terms and conditions and increasing premiums, which will further increase costs," the report states.