Slashdot reader storagedude writes: According to a new study from the Ponemon Institute and Proofpoint, nearly a quarter of healthcare organizations impacted by ransomware attacks experienced increased patient mortality.
The report, “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care,” surveyed 641 healthcare IT and security professionals and found that the most common consequences of cyberattacks are delaying procedures and tests, leading to poor patient outcomes for 57% of healthcare providers, followed by an increase in complications from medical procedures. The type of attack most likely to negatively impact patient care is ransomware, resulting in delays to procedures or tests in 64% of organizations and longer stays in 59%.
The Ponemon report depends on the accuracy of self-reporting and therefore does not have the weight of, say, an epidemiological study that examines baseline data on hospital mortality before and after an attack, but the data is similar to what Ponemon has found in the past and there have been a number of reports of patient deaths and other complications from ransomware attacks.
The new report found that 89% of organizations surveyed experienced an average of 43 attacks in the past year. The most common attack types were cloud compromise, ransomware, supply chain, and business email compromise (BEC)/spoofing/phishing.
The Internet of Medical Things (IoMT) is a top concern for survey participants. Healthcare organizations on average have more than 26,000 devices connected to the network, but only 51% of organizations surveyed include them in their cybersecurity strategy.
Healthcare organizations are better at cloud security, with 63% taking steps to prepare for and respond to cloud compromise attacks, and 62% having taken steps to prevent and respond to ransomware – but that still leaves close to 40% of healthcare organizations more vulnerable than they should be.
Preparedness is even worse for supply chain and BEC attacks, with only 44% and 48% having a documented response to these attacks, respectively.
The high costs of healthcare cyberattacks – an average of $4.4 million – mean that healthcare cybersecurity tools likely have a high return on investment, even though around half of respondents to the survey say they lack staff and internal expertise.