With increased patient mortality rates for 23% of organizations hit by cyber attacks, the looming threat of medical malpractice claims far outweigh any other costs.
- Healthcare providers are increasingly being targeted by cyber criminals for patient data, causing disruptions to hospital operations and an increase in patient mortality rates.
- 57% of surveyed organizations experienced poor patient outcomes and nearly half had increased complications from medical procedures due to cyberattacks
- Cyberattacks are costly, with the just one attack, on Universal Health Services in 2020 costing $67 million when a cybersecurity incident caused ambulance traffic diversion and scheduling of patient procedures at other facilities
- A Ponemon Institute study surveyed 641 healthcare, IT and security practitioners, finding that 89% of organizations had a cyberattack in the past year, with an average of 43 attacks per organization.
- Common cyberattacks, including cloud compromises, ransomware, supply chain and business email compromises, led to increased patient mortality rates for 23% of organizations, costing $4.4 million, including $1.1 million in lost productivity.
The Ponemon Institute study, that was conducted in 2022, revealed that over 20% of healthcare organizations reported increased patient mortality rates following a cyberattack.
The study also indicated that delayed procedures and tests, as well as longer patient stays, were the most commonly reported consequences of cyberattacks. Ransomware attacks had the most significant impact on patient care, with 64% of organizations reporting procedure or test delays and 59% reporting longer patient stays.
Healthcare providers are increasingly targetted due to the wealth of sensitive patient data they hold, leading to attacks that disrupt hospital operations and patient care. For example, a cyberattack at Tenet facilities in April 2020 disrupted acute patient care, while Universal Health Services experienced a similar incident that cost the chain $67 million in the same year.
Cyber attacks disrupt hospital operations and patient care leading to increased mortality rates for many healthcare providers.
The most common cyber attacks were cloud compromises, ransomware, supply chain attacks, and business email compromises, which resulted in increased patient mortality rates for 23% of the organizations. The study found that cyberattacks led to poor patient outcomes for 57% of those surveyed, with almost half reporting increased complications from medical procedures.
The cost of the most expensive cyberattack experienced in the study averaged $4.4 million, with $1.1 million in lost productivity. The study recommended organizations implement training and awareness programs, as well as employee monitoring, to mitigate the risk of attacks, as careless and negligent employees pose a significant threat.
Far-reaching effects on the healthcare industry
The consequences of cyberattacks on healthcare organizations could have far-reaching effects on the industry, potentially leading to a loss of patient trust, damage to reputation, and increased medical malpractice claims.
With increased awareness of cybersecurity risks, patients may hold healthcare organizations responsible for failing to adequately protect their sensitive information. Furthermore, cyberattacks can lead to delayed or improper medical treatment, which could result in medical malpractice claims if the patient is harmed as a result.
In light of these risks, the importance of cyber insurance cannot be overstated.
Cyber insurance can help healthcare organizations mitigate liability by providing coverage for losses resulting from cyber incidents, including those arising from data breaches, business interruption, and liability claims. Insurance companies can also help clients reduce risk by providing risk assessment and mitigation services, such as employee training and awareness programs, and security monitoring.
The healthcare industry faces significant challenges in protecting sensitive patient data from cyber threats. Healthcare organizations must prioritize cybersecurity risk management to prevent disruptions to hospital operations, poor patient outcomes, and increased medical malpractice claims. Investing in cyber insurance and risk mitigation services can help organizations reduce liability and protect against the financial and reputational damage of cyberattacks.