Admin costs ‘the tip of the iceberg’ for healthcare organizations hit by cyber attacks

by | Mar 6, 2023

With increased patient mortality rates for 23% of organizations hit by cyber attacks, the looming threat of medical malpractice claims far outweigh any other costs.

  • Healthcare providers are increasingly being targeted by cyber criminals for patient data, causing disruptions to hospital operations and an increase in patient mortality rates.
  • 57% of surveyed organizations experienced poor patient outcomes and nearly half had increased complications from medical procedures due to cyberattacks
  • Cyberattacks are costly, with the just one attack, on Universal Health Services in 2020 costing $67 million when a cybersecurity incident caused ambulance traffic diversion and scheduling of patient procedures at other facilities
  • A Ponemon Institute study surveyed 641 healthcare, IT and security practitioners, finding that 89% of organizations had a cyberattack in the past year, with an average of 43 attacks per organization.
  • Common cyberattacks, including cloud compromises, ransomware, supply chain and business email compromises, led to increased patient mortality rates for 23% of organizations, costing $4.4 million, including $1.1 million in lost productivity.

The Ponemon Institute study, that was conducted in 2022, revealed that over 20% of healthcare organizations reported increased patient mortality rates following a cyberattack.

The study also indicated that delayed procedures and tests, as well as longer patient stays, were the most commonly reported consequences of cyberattacks. Ransomware attacks had the most significant impact on patient care, with 64% of organizations reporting procedure or test delays and 59% reporting longer patient stays.

Healthcare providers are increasingly targetted due to the wealth of sensitive patient data they hold, leading to attacks that disrupt hospital operations and patient care. For example, a cyberattack at Tenet facilities in April 2020 disrupted acute patient care, while Universal Health Services experienced a similar incident that cost the chain $67 million in the same year.

medical emergencies result from cyber attacks

Cyber attacks disrupt hospital operations and patient care leading to increased mortality rates for many healthcare providers.

The most common cyber attacks were cloud compromises, ransomware, supply chain attacks, and business email compromises, which resulted in increased patient mortality rates for 23% of the organizations. The study found that cyberattacks led to poor patient outcomes for 57% of those surveyed, with almost half reporting increased complications from medical procedures.

The cost of the most expensive cyberattack experienced in the study averaged $4.4 million, with $1.1 million in lost productivity. The study recommended organizations implement training and awareness programs, as well as employee monitoring, to mitigate the risk of attacks, as careless and negligent employees pose a significant threat.

 Far-reaching effects on the healthcare industry

The consequences of cyberattacks on healthcare organizations could have far-reaching effects on the industry, potentially leading to a loss of patient trust, damage to reputation, and increased medical malpractice claims.

With increased awareness of cybersecurity risks, patients may hold healthcare organizations responsible for failing to adequately protect their sensitive information. Furthermore, cyberattacks can lead to delayed or improper medical treatment, which could result in medical malpractice claims if the patient is harmed as a result.

In light of these risks, the importance of cyber insurance cannot be overstated.
Cyber insurance can help healthcare organizations mitigate liability by providing coverage for losses resulting from cyber incidents, including those arising from data breaches, business interruption, and liability claims. Insurance companies can also help clients reduce risk by providing risk assessment and mitigation services, such as employee training and awareness programs, and security monitoring.

The healthcare industry faces significant challenges in protecting sensitive patient data from cyber threats. Healthcare organizations must prioritize cybersecurity risk management to prevent disruptions to hospital operations, poor patient outcomes, and increased medical malpractice claims. Investing in cyber insurance and risk mitigation services can help organizations reduce liability and protect against the financial and reputational damage of cyberattacks.

Dale Nelson

Dale Nelson

Senior Broker, Westwood Insurance Group

Dale has worked in the insurance industry since leaving college, specializing in the healthcare niche. He has developed long-term relationships with insurance carriers and retailers in the Medical Professional Liability area. Dale has worked with carriers, retailers and brokers and so works effectively at helping agents solve problems for their clients.

Articles by Dale Nelson

Digital Healthcare and the Uncertain Malpractice Landscape

The digital healthcare revolution has taken the country by storm - an exciting new area, where opportunities abound for commercial agents. This rapid growth, was fueled by a combination of changing lifestyle trends, technological advancements and a shortfall in...

Could the technology behind Bitcoin help secure medical records?

Cyber security is a growing problem for healthcare providers, who often struggle to keep the records of their patients secure. Cyber insurance coverage is not generally mandated by law and many healthcare organizations remain uninsured, even though laws and...

A lesson in Liability Insurance for Chiropractors

A visit to the chiropractor for a 32-year-old patient in Georgia recently led to a $75 million medical malpractice verdict. The claim related to emergency treatment the patient received after collapsing with a brainstem stroke, resulting from chiropractic manipulation...

Contact Dale Nelson now

Dale Nelson, Westwood team member

Dale specializes in insurance for this particular group. You can call him on the number below or fill out the form and he will get your message directly:

insurance for hospitals

Hospital Insurance typically covers all or part of the potential liability for hospital services. It includes medical malpractice, accidents involving hospital employees and equipment, care during surgery or any other invasive treatment, after-hours care arrangements by staff who need help with their children and more.

insurance for long term care facilities

Long term care facilities must protect themselves against potential liability arising from incidents within their facility. Westwood can help you negotiate a package tailored to your long term care facility client.

insurance for physicians

The different types of insurance for physicians includes medical malpractice insurance, professional liability insurance, errors and omissions insurance, an umbrella policy, and professional indemnity. As a physician, you should have access to all of these types of insurance.

traditional insurance products

Westwood have fostered exceptional relationships with underwriters and we go to great lengths to keep abreast of their latest products, changes in requirements and restrictions, including having weekly calls with the carriers, which you can see here, by joining our insurance insider group.

    Insurance products at Westwood Insurance Group

    You can find more information on the Insurance Products main page.

    If you have any questions on the different policies, check out our Insurance FAQ's

    alternative structures

    Westwood President, Michael Richards has extensive experience in setting up alternative structures for larger clients. Here are some examples:

    If you think your client could be large and stable enough to benefit from starting or participating in a captive or has a special need for another alternative structure, contact Michael Richards now by phone: 855 351 7487.