Healthcare organizations are being hit hard by cyberattacks

Healthcare organizations are being hit extremely hard by cyberattacks, and even the patients are suffering the consequences, new research has claimed.

Proofpoint and Ponemon Institute recently surveyed IT and security pros in healthcare organizations in the United States, and discovered nearly all (92%) had experienced at least one cyberattack in the last 12 months, up from 88% a year ago.

Of those 92%, more than two-thirds (69%) reported that the cyberattack caused serious disruptions to patient care.

Improvements on the ransomware front

The most common types of cyberattacks were cloud compromise, ransomware, supply chain attacks, and business email compromise (BEC). Organizations falling prey to any of these four reported poor patient outcomes due to delays in procedures and tests, an increase in medical procedure complications, and in some cases (28%), even patient mortality rate increases. To make matters worse, the latter is up 5% year-on-year.

“These findings indicate that healthcare organizations continue to struggle with mitigating the risks these attacks pose to patient safety and well-being,” the report argues. Supply chain attacks are the ones most likely to affect patient care, it was said. More than two-thirds suffered one such attack, and of those that did, 82% experienced disruptions in patient care (up from 77% last year).

There is a silver lining, though, and it has to do with how healthcare firms tackle ransomware. This type of cyberattack was generally considered among the most disruptive and dangerous ones, but this year, concerns are declining. Today, roughly half (54%) of the respondents said they were vulnerable, or highly vulnerable, to a ransomware attack, down from two-thirds (64%) a mere year ago. This might also be due to ransomware operators generally steering clear of healthcare firms and critical infrastructure organizations, since attacks on these draw the full wrath of law enforcement and usually result in the dismantling of the operation.

Fewer organizations paid the ransom demand (36%, compared to 40% last year), but the ransom paid did spike 10%, to an average of $1,099,200 (up from $995,450 in 2023).

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.