- Eighty-eight percent of surveyed healthcare organizations experienced at least one cyberattack in the past year, leading to strained patient care and increased costs, according to a report by the Ponemon Institute sponsored by cybersecurity software company Proofpoint.
- Many of those attacks compromised patient care, causing delays in procedures or tests, or increasing complications. Sixty-eight percent of respondents who experienced ransomware attacks said the attacks negatively impacted patient safety and care.
- The average cost for organizations’ most expensive cyberattack was $4.9 million. Disruption to normal healthcare operations due to system availability issues was the most significant financial consequence of an attack, according to the report.
The report, which surveyed more than 650 IT and IT security practitioners at U.S.-based healthcare organizations, found more professionals saw their workplaces as vulnerable to each type of cyberattack — cloud compromise, business email attack, ransomware and supply chain attack — compared to 2022.
Organizations surveyed reported an average of 40 cyberattacks over the past 12 months. All of them experienced at least one incident where sensitive healthcare data was lost or stolen, and 43% said data loss or exfiltration impacted patient care.
Of those, 46% said it increased mortality rates, while 38% it increased complications from medical procedures.
The most frequent attacks in healthcare are against the cloud, with 63% of respondents reporting an average of 21 cloud compromises during the past two years.
Healthcare organizations report patient care disruptions from cyberattacks
Healthcare data breaches have become increasingly common over the past decade as companies adopted electronic records and added digital services. Breaches have exposed 385 million patient records from 2010 to 2022, according to federal records, and hacking incidents in particular have skyrocketed.
Cyberattacks that disrupt facility operations can put patients’ lives at risk. A ransomware attack against Chicago-based CommonSpirit Health last year disrupted access to health records and delayed patient care, while a recent attack against Prospect Medical Holdings forced some ambulances to divert patients to other hospitals.