Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Many health care organizations lack resources to fend off cyberattacks

September 12, 2022

Article

Nearly 90% experienced at least one attack in the past year, at an average cost of more than $1 million per attack

Even though health care organizations remain a major target of cyberattacks, many say they lack the resources and know-how to adequately protect themselves from hackers, according to results of a recent study.

Ponemon Institute, a security research firm, surveyed IT specialists at 641 health care organizations. Nearly 90% said their organization had experienced at least one cyberattack during the previous year, with the average being 43. At an average cost of $1.1 million, lost productivity was the major financial consequence of attacks. The average total cost for the most expensive cyberattack on each organization was $4.4 million, a total that includes direct cash outlays, labor expenses, overhead costs and lost business opportunities.

Despite the impact of these attacks, 53% of respondents said their organization lacked the in-house expertise, and 46% said they had insufficient staff to defend themselves effectively from cyberattacks.

“The attacks we analyzed put a significant strain on healthcare organizations’ resources,” Larry Ponemon, founder and chair of the Ponemon Institute, said in an accompanying news release. “Their result is not only tremendous cost but also a direct impact on patient care, endangering people’s safety and wellbeing.”

Most respondents also thought that technologies such as cloud, mobile, big data, and the Internet of Things, all of which are seeing increased adoption, increase the risks to patient data and safety, Ponemon added.

Among the study’s other findings:

The biggest threat to patient safety and care delivery comes from ransomware attacks. Sixty-four percent of respondents in organizations that experienced such an attack said it resulted in delays in procedures and tests that caused worse outcomes for patients. In addition, 59% said the attack resulted in longer patient stays.
Insecure medical devices and mobile apps are major cybersecurity vulnerabilities. Sixty-four percent of respondents said they are concerned about the security of medical devices such as pacemakers and infusion pumps, and 59 percent said they are concerned about insecure mobile apps. Even so, only 51% of respondents said preventing and responding to an attack on these devices was part of their cybersecurity strategy.
Half of respondents said their organizations experienced an attack on their supply chain, with 70% of those saying the attack disrupted patient care.
Training and awareness programs, along with employee monitoring, are organizations’ main defenses against cyberattacks. Sixty-three percent of respondents said their organizations conduct regular training and awareness programs, while 59% monitor employee actions.

The study, “Cyber Insecurity in Healthcare: The Cost And Impact On Patient Safety And Care” was sponsored by Proofpoint, Inc., a cybersecurity and compliance company.