Cynerio and the Ponemon Institute have examined the current impact of cyberattacks on healthcare facilities and network-connected IoT and medical devices, and found multiple alarming trends.
Among other things, the survey revealed that almost half of hospitals have been attacked with ransomware, and that 76% of victimized hospitals were attacked 3 or more times.
Key report findings
The Insecurity of Connected Devices in HealthCare 2022 Report surveyed 517 experts in leadership positions at hospitals, clinics, healthcare service providers, and healthcare systems throughout the United States.
The results of the survey showed that:
Cyberattacks on healthcare orgs are frequent, recurring, and impact patient care
56% of respondents stated their organizations experienced one or more cyberattacks in the past 24 months involving IoMT/IoT devices. Among those, 58% averaged 9 or more cyberattacks during that time.
45% of these respondents report adverse impacts on patient care, and 53% of those report adverse impacts resulting in increased mortality rates.
Perceived risk in IoT/IoMT devices is high, but proactive security actions and accountability are not
71% of respondents rated the security risks presented by IoT/IoMT devices as high or very high, while only 21% report a mature stage of proactive security actions.
Of the 46% who performed well-known and accepted procedures such as scanning for devices, only 33% keep an inventory of the devices that were discovered.
Ransomware is a vicious, profitable cycle
47% of those experiencing a ransomware attack paid the ransom. 32% of the ransoms paid fell in the range of $250k – $500k.
Those that did not pay the ransom most frequently attributed their actions to an effective backup strategy (53%) and company policy (49%).
“It’s clear that cyberattackers have increasingly focused their efforts on hospitals since 2020,” said Chad Holmes, Security Evangelist at Cynerio.
“What had been unclear was the frequency and resulting damage of their attacks. By teaming with Ponemon Institute, we have collected feedback from hundreds of hospitals and presented a clear picture of the issues they’re facing, both in terms of financial losses and impact to patient care. Ultimately, our aim for this data is to inform and expedite improved cybersecurity funding, training, and policy creation for all healthcare providers.”