Cyberattacks on healthcare organizations raise mortality rates by over 20%, according to a new report published by enterprise security company Proofpoint’s Ponemon Institute.
Speaking with 641 healthcare IT and security personnel, researchers at the Ponemon Institute found that 89% saw an average of 43 attacks in the past 12 months, with over 20% experiencing compromised clouds, ransomware, phishing scams and supply chain attacks, according to Infosecurity Magazine.
Attacks on supply chains were seen as the most disruptive to patient care by more than 70% of respondents, followed by phishing and ransomware (67%). But ransomware was seen as the most likely to hurt patient safety and care delivery, with 24% saying it increased mortality, 64% saying it created test delays that led to poor outcomes, and 59% saying it extended lengths of stay.
“Cyber incidents in healthcare are always just a step or two away from causing physical incidents or life-threatening situations,” Jack Kudale, founder and CEO of cyber risk insurance firm Cowbell Cyber, told Infosecurity Magazine.
The most common issue was delays in procedures that led to negative patient outcomes, affecting 57% of providers and increasing complications from procedures for roughly half of them.
A lack of in-house expertise was cited by 53% as contributing to these issues, while 46% pointed to a lack of sufficient staffing. Both were found to negatively affect cybersecurity. Working in silos and a lack of collaboration also affected the efficiency of cybersecurity strategy.
According to Monnia Deng, director of product marketing for digital risk protection company Bolster, healthcare workers are still dealing with burnout from the pandemic, and asking them to abide by additional security measures can increase the challenges they face.
“We’ve seen healthcare providers purposely request IT to provide less secure but easier forms of two-factor authentication, so there is less friction between them and their critical job functions. It is the responsibility of the healthcare IT organization to invest in proactive secure measures such as disaster recovery, endpoint detection and response, and email security,” she told Infosecurity Magazine.