Ransomware attacks on healthcare organizations may have life-or-death consequences

Ponemon Institute surveyed 597 IT and IT security professionals to understand how COVID-19 has impacted how healthcare delivery organizations (HDOs) protect patient care and patient information from increasing virulent cyberattacks, especially ransomware.

healthcare ransomware

For the first time, this research shows that ransomware attacks on healthcare organizations may have life-or-death consequences. Nearly one in four healthcare providers reported an increase in mortality rate due to ransomware.

COVID-19 introduced new risk factors to HDOs

The onset of COVID-19 introduced new risk factors to HDOs, including remote work, new systems to support it, staffing challenges, and elevated patient care requirements. The research focuses on helping CIOs, CISOs, and healthcare risk executives understand the extent to which HDOs are being targeted and ascertain the impact of those attacks.

“Our findings correlated increasing cyberattacks, especially ransomware, with negative effects on patient care, exacerbated by the impact of COVID on healthcare providers,” said Dr. Larry Ponemon, chairman of the Ponemon Institute.

“We also analyzed steps that HDOs are taking to protect patient safety, data, and care operations to determine what is working since so many respondents have been victims of more than one ransomware attack.”

healthcare ransomware

Impact of ransomware on healthcare

  • Increase in mortality rate
  • More complications from medical procedures
  • Delays in procedures and tests that resulted in poor outcomes
  • Upturn in patients transferred or diverted to other facilities
  • Longer lengths of stay

“The combination of data breaches, ransomware attacks, and COVID-19 has created the perfect cybersecurity storm and worst two years on record for IT and security leaders in healthcare,” stated Ed Gaudet, CEO at Censinet.

“The Ponemon Research results are an urgent wake-up call for the healthcare industry to transform its cybersecurity and third-party risk programs or jeopardize patient lives.”




Share this