The Ponemon Institute study, which was conducted in 2022, revealed that over 20% of healthcare organizations reported increased patient mortality rates following a cyberattack.
The study also indicated that delayed procedures and tests, as well as longer patient stays, were the most commonly reported consequences of cyberattacks. Ransomware attacks had the most significant impact on patient care, with 64% of organizations reporting procedure or test delays and 59% reporting longer patient stays.
Healthcare providers are increasingly targeted due to the wealth of sensitive patient data they hold, leading to attacks that disrupt hospital operations and patient care. For example, a cyberattack at Tenet facilities in April 2020 disrupted acute patient care, while Universal Health Services experienced a similar incident that cost the chain $67 million in the same year.
Cyberattacks disrupt hospital operations and patient care, leading to increased mortality rates for many healthcare providers.
The most common cyberattacks were cloud compromises, ransomware, supply chain attacks, and business email compromises, which resulted in increased patient mortality rates for 23% of the organizations. The study found that cyberattacks led to poor patient outcomes for 57% of those surveyed, with almost half reporting increased complications from medical procedures.
The cost of the most expensive cyberattack experienced in the study averaged $4.4 million, with $1.1 million in lost productivity. The study recommended organizations implement training and awareness programs, as well as employee monitoring, to mitigate the risk of attacks, as careless and negligent employees pose a significant threat.
The consequences of cyberattacks on healthcare organizations could have far-reaching effects on the industry, potentially leading to a loss of patient trust, damage to reputation, and increased medical malpractice claims.
With increased awareness of cybersecurity risks, patients may hold healthcare organizations responsible for failing to adequately protect their sensitive information. Furthermore, cyberattacks can lead to delayed or improper medical treatment, which could result in medical malpractice claims if the patient is harmed as a result.
In light of these risks, the importance of cyber insurance cannot be overstated.
Cyber insurance can help healthcare organizations mitigate liability by providing coverage for losses resulting from cyber incidents, including those arising from data breaches, business interruption, and liability claims. Insurance companies can also help clients reduce risk by providing risk assessment and mitigation services, such as employee training and awareness programs, and security monitoring.
The healthcare industry faces significant challenges in protecting sensitive patient data from cyber threats. Healthcare organizations must prioritize cybersecurity risk management to prevent disruptions to hospital operations, poor patient outcomes, and increased medical malpractice claims. Investing in cyber insurance and risk mitigation services can help organizations reduce liability and protect against the financial and reputational damage of cyberattacks.