A new cybersecurity report this week had some sobering statistics illustrating just how commonplace network attacks have become across healthcare.
The survey, which polled more than 640 IT and security leaders, found that 89% of the surveyed organizations experienced an average of 43 attacks in the past year, almost one attack every week.
WHY IT MATTERS
Worse, the Ponemon Institute study, sponsored by Proofpoint, also found that cyber incursions are routinely impacting patient safety at U.S. hospitals and health systems.
The report, “Cyber Insecurity in Healthcare: The Price and Effect on Patient Safety and Care,” showed respondents saying cyberattacks are routinely delaying procedures and tests, with 57% saying that results in poor patient outcomes and 50% citing increased complications from surgical procedures.
Possibly the most alarming stat was this one: of the health systems that experienced the four most common types of cyberattacks, 20% said they subsequently experienced increased patient mortality rates.
Ponemon defines the four most common exploits as ransomware, cloud compromise, supply chain disruption and phishing.
Unsurprisingly, the attack type most likely to adversely affect care delivery is ransomware, with attacks commonly resulting in procedure or test delays (64% of respondents) and longer patient stays (59%).
Nearly three-quarters (72%) of those surveyed said their organizations are susceptible to a ransomware attack, and 60% said it was a high concern, with the same percentage reporting efforts to improve prevention and response.
For cloud compromise, more than half (54%) of respondents said their organizations had experienced at least one incident in the past two years. Of this group, organizations experienced an average of 22 such compromises during the past two years. Some 63% said they’d taken steps to prepare for and respond to these attacks.
But while 71% of participants said they felt susceptible to supply chain attacks and 64% felt at increased risk of business email compromise and spoofing phishing, just 44% and 48%, respectively, have a documented response plan for those risks.
The report highlights ongoing concerns with IoT as well, with hospitals and health systems deploying an average of more than 26,000 network-connected devices. But while 64% of respondents said they’re worried about device security, just 51% include those devices in their cybersecurity strategy, according to the study.
(Those connected medical device statistics echo similar figures in another recent report put together by the Ponemon Institute.)
Other stats from the report:
63% of respondents conduct regular training and awareness programs for employees
59% monitor their workers' actions and technology use
53% of respondents said a lack of in-house cybersecurity expertise is a challenge
46% said they lack sufficient staffing generally, impacting their cybersecurity readiness
This is despite the fact that, beyond the risk to patient safety, there are significant financial stakes. The most expensive healthcare cyberattack cost an average of $4.4 million during the past 12 months, according to the study, including $1.1 million in productivity loss.
THE BIGGER TREND
IT and infosec leaders from major U.S. health systems recognize the stakes. At HIMSS22 this past March, chief information security officers discussed the patient safety risks of the fraught threat landscape.
“We’ve moved beyond data: It isn’t nearly privacy and confidentiality anymore,” said Erik Decker, CISO at Intermountain Healthcare. “Cybersecurity is patient safety. Downtime means delay of care, and delay of care means patient safety. That’s our charge.”
That has been the case for quite a while now. But as this report shows, and as recent real-world cases of patient fatalities associated with ransomware attacks emphasize, the risks have only increased for hospitals’ security and safety.
ON THE RECORD
“The attacks we analyzed put a substantial strain on healthcare organizations’ resources,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “Their result isn’t just tremendous cost but additionally a direct effect on patient care, endangering people’s safety and wellbeing.”
“Healthcare has traditionally fallen behind other sectors in addressing vulnerabilities to the growing amount of cybersecurity attacks, which inaction includes a direct negative effect on patients’ safety and wellbeing,” said Ryan Witt, healthcare cybersecurity leader at Proofpoint, in a statement.
“So long as cybersecurity remains a minimal priority, healthcare providers will continue steadily to endanger their patients,” he added. “In order to avoid devastating consequences, healthcare organizations must know how cybersecurity affects their patient care and take the steps toward better preparedness that protects people and defends data.”