A report by the Ponemon Institute has found that over 20 percent of healthcare organizations have encountered an increase in mortality rate after a substantial cyberattack, and over half of the healthcare organizations surveyed stated that they encountered poorer patient outcomes as a result. Delays to procedures and tests were the most frequent consequences of the attacks that resulted in poorer patient outcomes.
On behalf of cybersecurity firm Proofpoint, Ponemon Institute surveyed 641 IT and IT security professionals in healthcare organizations who are responsible for participating in cybersecurity procedures such as setting IT cybersecurity priorities, selecting vendors and contractors, and managing budgets. The study built upon a study previously conducted by Ponemon on behalf of Censinet. The results of the study found that 20 percent of healthcare organizations encountered an increase in their mortality rates after a ransomware attack. In the latest study, Ponemon applied a broader definition of cyberattack to include cloud compromise, ransomware, business email compromise and phishing, and supply chain.
The survey indicated that, of the four most frequent forms of cyberattack, ransomware affected healthcare organizations the most. Ransomware attacks gather files and encrypt the data within them, rendering IT systems inoperable. Frequently, healthcare organizations are forced to shut down to limit the harm caused by an attack. The survey found that approximately 65 percent of healthcare organizations stated they encountered delays in medical procedures and tests after ransomware attacks, and approximately 60 percent stated that the attacks led to longer patient stays.
After asking each organization to estimate the cost of the single most expensive cyberattack it suffered in the last year, the researchers found that the average total cost of the most expensive cyberattacks reached $4.4 million. This included all indirect labor costs, direct cash outlays, overhead costs, direct labor expenditures, and lost business opportunities. Lost productivity was found to be the most significant financial consequence of a cyberattack, amounting to an average cost of $1.1 million.
Cyberattacks on the healthcare sector are becoming more frequent and complex. Ponemon has advised healthcare organizations to implement a defense-in-depth approach with multiple overlapping layers of security. Healthcare organizations should also document and practice a suitable response plan for each significant type of attack. Members of staff should also be trained and fully prepared for cyberattacks to limit harm, financial cost, and recovery time.
“Healthcare has traditionally fallen behind other sectors in addressing vulnerabilities to the growing number of cybersecurity attacks, and this inaction has a direct negative impact on patients’ safety and wellbeing,” stated Ryan Witt, healthcare cybersecurity leader of Proofpoint. “As long as cybersecurity remains a low priority, healthcare providers will continue to endanger their patients. To avoid devastating consequences, healthcare organizations must understand how cybersecurity affects their patient care and take the steps toward better preparedness that protects people and defends data.”