Nearly 90% experienced at least one attack in the past year, at an average cost of more than $1 million per attack
Even though health care organizations remain a major target of cyberattacks, many say they lack the resources and know-how to adequately protect themselves from hackers, according to results of a recent study.
Ponemon Institute, a security research firm, surveyed IT specialists at 641 health care organizations. Nearly 90% said their organization had experienced at least one cyberattack during the previous year, with the average being 43. At an average cost of $1.1 million, lost productivity was the major financial consequence of attacks. The average total cost for the most expensive cyberattack on each organization was $4.4 million, a total that includes direct cash outlays, labor expenses, overhead costs and lost business opportunities.
Despite the impact of these attacks, 53% of respondents said their organization lacked the in-house expertise, and 46% said they had insufficient staff to defend themselves effectively from cyberattacks.
“The attacks we analyzed put a significant strain on healthcare organizations’ resources,” Larry Ponemon, founder and chair of the Ponemon Institute, said in an accompanying news release. “Their result is not only tremendous cost but also a direct impact on patient care, endangering people’s safety and wellbeing.”
Most respondents also thought that technologies such as cloud, mobile, big data, and the Internet of Things, all of which are seeing increased adoption, increase the risks to patient data and safety, Ponemon added.
Among the study’s other findings:
The study, “Cyber Insecurity in Healthcare: The Cost And Impact On Patient Safety And Care” was sponsored by Proofpoint, Inc., a cybersecurity and compliance company.