Submission + - A Quarter of Healthcare Orgs Say Ransomware Attacks Result in Patient Deaths (esecurityplanet.com)
storagedude writes: Nearly a quarter of healthcare organizations hit by ransomware attacks experienced an increase in patient mortality, according to a new study from Ponemon Institute and Proofpoint.
The report, “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care,” surveyed 641 healthcare IT and security practitioners and found that the most common consequences of cyberattacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of the healthcare providers, followed by increased complications from medical procedures. The type of attack most likely to have a negative impact on patient care is ransomware, leading to procedure or test delays in 64% of the organizations and longer patient stays for 59% of them.
The Ponemon report depends on the accuracy of self-reporting and thus doesn't have the weight of, say, an epidemiological study that looks at hospital mortality baseline data before and after an attack, but the data is similar to what Ponemon has found in the past and there have been a number of reports of patient deaths and other complications from ransomware attacks.
The new report found that 89% of the surveyed organizations have experienced an average of 43 attacks in the past year. The most common types of attacks were cloud compromise, ransomware, supply chain, and business email compromise (BEC)/spoofing/phishing.
The Internet of Medical Things (IoMT) is a top concern for survey participants. Healthcare organizations have an average of more than 26,000 network-connected devices, yet only 51% of the surveyed organizations include them in their cybersecurity strategy.
Healthcare organizations are better at cloud security, with 63% taking steps to prepare for and respond to cloud compromise attacks, and 62% have taken steps to prevent and respond to ransomware — but that still leaves nearly 40% of healthcare organizations more vulnerable than they should be.
Preparedness is even worse for supply chain attacks and BEC, with only 44% and 48% having a documented response to those attacks, respectively.
The high costs of healthcare cyberattacks — an average of $4.4 million — mean that healthcare cybersecurity tools likely have a high ROI, even though roughly half of the survey respondents say they lack sufficient staffing and in-house expertise.
The report, “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care,” surveyed 641 healthcare IT and security practitioners and found that the most common consequences of cyberattacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of the healthcare providers, followed by increased complications from medical procedures. The type of attack most likely to have a negative impact on patient care is ransomware, leading to procedure or test delays in 64% of the organizations and longer patient stays for 59% of them.
The Ponemon report depends on the accuracy of self-reporting and thus doesn't have the weight of, say, an epidemiological study that looks at hospital mortality baseline data before and after an attack, but the data is similar to what Ponemon has found in the past and there have been a number of reports of patient deaths and other complications from ransomware attacks.
The new report found that 89% of the surveyed organizations have experienced an average of 43 attacks in the past year. The most common types of attacks were cloud compromise, ransomware, supply chain, and business email compromise (BEC)/spoofing/phishing.
The Internet of Medical Things (IoMT) is a top concern for survey participants. Healthcare organizations have an average of more than 26,000 network-connected devices, yet only 51% of the surveyed organizations include them in their cybersecurity strategy.
Healthcare organizations are better at cloud security, with 63% taking steps to prepare for and respond to cloud compromise attacks, and 62% have taken steps to prevent and respond to ransomware — but that still leaves nearly 40% of healthcare organizations more vulnerable than they should be.
Preparedness is even worse for supply chain attacks and BEC, with only 44% and 48% having a documented response to those attacks, respectively.
The high costs of healthcare cyberattacks — an average of $4.4 million — mean that healthcare cybersecurity tools likely have a high ROI, even though roughly half of the survey respondents say they lack sufficient staffing and in-house expertise.
