According to a recent study, over 20% of healthcare companies encountered a rise in mortality rate following a major cyberattack. 57% of the healthcare organizations said they encountered negative patient outcomes, and around 50% reported a rise in health complications. The most common consequences of the attacks that led to negative patient outcomes were delayed procedures and testing.
The Ponemon Institute conducted the study together with cybersecurity company Proofpoint. The study involved 641 healthcare IT and security professionals in America, with the results published in the report Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care. The results reflect those of an earlier study performed by the Ponemon Institute in 2021 with Censinet. That study involved 597 healthcare participants, and 22% said they encountered higher mortality rates after a ransomware attack.
The most recent study applied a wider definition of cyberattack, covering the four most common types of attack: ransomware, cloud compromise, supply chain, and business email compromise/phishing. Consequently, it suggests that it isn't just ransomware attacks that adversely impact patient outcomes. Ransomware attacks encrypt files, which can make critical IT systems inaccessible. Quite often, healthcare companies have to shut down IT systems to contain an attack. Recovery from a ransomware attack usually takes longer than recovery from other kinds of attacks. The survey established that ransomware attacks had the greatest effect among the four types of attacks. 64% of healthcare companies stated they encountered delays in medical testing and procedures after a ransomware attack, and 59% stated the attacks caused extended patient stays.
It must be mentioned that the two studies established a relationship between cyberattacks and unfavorable patient outcomes but did not show causation. More studies must be done to determine precisely which facets of the attacks have the greatest adverse effect on patient outcomes and cause a rise in mortality rate.
The attacks that were analyzed placed substantial pressure on healthcare company resources. The result is not just enormous cost but also an immediate effect on patient care, jeopardizing the safety and wellness of people. The majority of the IT and security experts consider their companies susceptible to these attacks, and 66% think that increased adoption of technologies including cloud, mobile, Internet of Things, and big data leads to more risks to patient information and safety.
The Proofpoint survey additionally revealed the scale of attacks on healthcare companies. 89% of surveyed companies encountered about 43 attacks during the last 12 months, though how many of those attacks were successful is not clear. Cyberattacks on healthcare companies have a substantial financial effect. An earlier study, done by the Ponemon Institute with IBM Security, found that the average cost of a cyberattack has grown to $4.4 million. The healthcare sector had the highest breach costs among all industries, with the average cost of a healthcare data breach increasing to $10.1 million.
Challenges in Healthcare Cybersecurity and the Biggest Security Threats
One of the major problems encountered by healthcare companies is finding the talent required to protect against attacks. 53% of respondents rated insufficient in-house expertise as a major challenge. 46% said they didn't have enough cybersecurity staff, and both factors had an adverse impact on the security posture of organizations.
Respondents were asked about their greatest security concerns, and one of the primary concerns was medical device safety. Healthcare companies have 26,000 medical devices linked to the internet, and these were regarded as a cybersecurity threat by 64% of respondents. However, only 51% of respondents said these devices are included in their cybersecurity strategy.
75% of survey respondents stated they were vulnerable to cloud compromise, and 72% stated they were susceptible to ransomware attacks. 54% of companies said they had encountered a cloud compromise in the last two years, with those companies going through about 22 such compromises; nonetheless, 64% of companies stated they took steps to prepare for and respond to those cyberattacks.
60% of companies stated they were most worried about ransomware attacks, and 62% stated they took steps to prevent and respond to ransomware attacks.
71% of companies said they were susceptible to supply chain attacks and 64% were susceptible to BEC and phishing/spoofing attacks, but just 44% and 48%, respectively, said they had documented response plans for these attacks.
Protecting Against Healthcare Cyberattacks
Cyberattacks on the healthcare sector are becoming more sophisticated. To secure against these attacks, a defense-in-depth strategy with several overlapping layers of protection is necessary. It is also essential to have a documented and practiced incident response plan in place for every major kind of attack. Not being ready to respond to cyberattacks could put patient safety in danger. Having an incident response plan in place, in which everyone involved in the response understands their roles and duties, could reduce the recovery time substantially, which limits the adverse effect on patients and minimizes the financial cost. Having consultants and cybersecurity companies that thoroughly know the infrastructure of a company is a big advantage and ensures the quickest possible response in case of a successful cyberattack.
Although cyberattacks can be sophisticated, they frequently begin with a phishing or social engineering attack. The significance of employee training cannot be overemphasized. All workers ought to know why good cyber hygiene is important and what it involves, and they must be trained to identify phishing and social engineering attacks. Providing employees with regular cybersecurity awareness training and running phishing simulations could considerably reduce risk over time.
Healthcare has usually lagged behind other industries in addressing its vulnerability to the growing number of cyberattacks, and this inaction has a direct adverse effect on patients' safety and wellness. So long as cybersecurity is not a high priority, healthcare companies will endanger their patients. To prevent disastrous effects, healthcare companies should understand how cybersecurity impacts their patient care and do what is necessary to better prepare and protect people and secure information.