A recently released cybersecurity report includes some disturbing numbers showing just how frequent network attacks have become in the healthcare industry. The study, which surveyed more than 640 IT and security leaders, found that 89% of the examined firms had experienced, on average, 43 attacks during the previous year, or roughly one every week.
Even worse, the Proofpoint-sponsored Ponemon Institute study discovered that cyber intrusions are now frequently having an impact on patient safety in American hospitals and health systems.
According to the survey results in the report "Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care", cyberattacks routinely delay procedures and tests, which, according to 57% of respondents, leads to poor patient outcomes and 50% more complications from medical procedures. Perhaps the most concerning statistic was that 20% of health organisations that had suffered the four most typical cyberattack types reported increased patient fatality rates as a result.
Ponemon lists ransomware, cloud penetration, distribution network disruption, and phishing as the four most prevalent exploits.
Unsurprisingly, ransomware is the attack type most likely to have a negative impact on the way care is delivered, frequently causing delays in procedures or tests (64% of respondents) and longer patient stays (59%).
Nearly three-quarters (72%) of those polled said their organizations are vulnerable to ransomware attacks, with 60% ranking it as their top worry and a similar number reporting measures to strengthen protection and response. Over half (54%) of respondents stated their firms had encountered at least one cloud compromise incident in the last two years. Within that group, companies averaged 22 such compromises over the same two years. About 63% of respondents claimed to have taken steps to prepare for and respond to these attacks.
Although 71% of participants indicated they were exposed to supply chain attacks and 64% said they felt at risk from company email intrusion and spoofing phishing, only 44% and 48%, respectively, have a documented response strategy for such threats.
The report also underscores continued IoT issues, given that hospitals and health institutions install more than 26,000 network-connected devices on average. Although 64% of respondents stated they were concerned about device security, the study found that only 51% included it in their cybersecurity plan.
Other statistics from the study include:
- 63% of respondents said they regularly provide employees with training and awareness initiatives.
- 59% of employers monitor employee behaviour and technology use.
- 53% of respondents said a lack of in-house cybersecurity expertise is a challenge.
- 46% said that low staffing generally affects their level of cybersecurity preparedness.
These gaps persist even though there are important financial considerations in addition to the risk to patient safety. The survey found that the most costly cyberattacks in the healthcare industry cost an average of $4.4 million over the previous 12 months, including $1.1 million in lost productivity.
IT and infosec leaders at major U.S. health institutions are aware of the risks. Chief information security officers emphasised the dangers to patient safety posed by this complex threat landscape at HIMSS22 in March.
The focus is no longer solely on privacy and confidentiality, according to Erik Decker, CISO of Intermountain Healthcare. Their mission statement is that cybersecurity is patient safety; downtime implies delay in care; and care delay means patient safety.
That has been the situation for a while. However, as this data demonstrates and recent real-world incidents of patient deaths due to ransomware attacks underline, the threats to hospitals’ safety and security have only risen.
According to Larry Ponemon, chairman and creator of the Ponemon Institute, the attacks they evaluated imposed a tremendous burden on the resources of healthcare institutions. In addition to being extremely expensive, the attacks also have a negative impact on patient care and put people’s health and safety in peril.
According to Ryan Witt, healthcare cybersecurity leader at Proofpoint, healthcare has generally lagged behind other sectors in addressing vulnerabilities to the expanding number of cybersecurity threats, and this delay has a strong adverse impact on patients’ health and protection.
He added that healthcare professionals would continue to put their patients in danger if cybersecurity is not given higher priority. Healthcare institutions must understand how cybersecurity impacts patient care and take the necessary precautions to be adequately equipped to protect people and defend data in order to safeguard against terrible consequences.