A new survey reveals a significant rise in cyberattacks on healthcare organizations since 2023. These attacks have led to substantial disruptions in patient care, with the average attack costing organizations nearly $1.5 million.
According to the survey, 92% of healthcare IT and security professionals reported at least one cyberattack in the past year, up from 88% in 2023. Of those affected, 69% experienced disruptions in patient care, including delays, complications, longer hospital stays, and even increased mortality rates.
Emphasized the importance of cybersecurity in healthcare, stating that protecting medical data and systems is crucial for ensuring uninterrupted patient care.
Supply chain attacks were identified as the most disruptive to patient care, with 82% of organizations impacted reporting care disruptions. While cloud network and account attacks were the most frequently reported, they were less likely to directly affect patient care.
Ransomware Attacks Remain a Significant Threat to Healthcare:
While the percentage of cyberattacks on healthcare organizations vulnerable to ransomware has decreased slightly since 2023, the threat remains significant. Despite a decline in the number of organizations paying ransoms, the average cost of such payments has increased.
Ransomware attacks continue to have a severe impact on patient care, with many organizations reporting delays in procedures and tests. In particular, a concerning rise in mortality rates linked to ransomware attacks was observed.
While concerns about business email compromise attacks have diminished, they remain a persistent threat. These attacks have been reported to cause significant disruptions in patient care, including delays in procedures and tests.
Cybersecurity Investment Grows in Healthcare:
A new survey highlights the growing recognition of cybersecurity’s importance in healthcare. For the third year in a row, cyberattacks have been shown to directly harm patient safety and well-being. However, the industry is responding by increasing IT budgets and focusing on improving cybersecurity measures.
The survey, conducted by Proofpoint and Ponemon Institute, involved healthcare providers and insurers. The majority of respondents were supervisors or higher-level executives.
A separate report from KLAS Research and Bain & Company found that many healthcare organizations have increased their IT investments in the past year, often driven by the rise in cyberattacks on healthcare organizations, including the Change Healthcare cyberattack. This indicates a growing awareness of the critical need for robust cybersecurity in the healthcare sector
Additional Insights:
- The human cost of cyberattacks: Beyond financial losses, cyberattacks can have devastating consequences for patients, including delayed treatments, compromised care, and even loss of life.
- The role of healthcare providers: Healthcare organizations must invest in robust cybersecurity measures to protect their patients’ sensitive data and ensure the continuity of essential services.
- The importance of collaboration: The healthcare industry needs to collaborate with cybersecurity experts, law enforcement, and regulatory bodies to address the growing threat of cyberattacks.
- The need for a proactive approach: Healthcare organizations should adopt a proactive approach to cybersecurity, including regular risk assessments, employee training, and incident response planning.
By addressing these challenges and prioritizing cybersecurity, healthcare organizations can protect their patients, maintain operational continuity, and build trust in the healthcare system. Focusing on mitigating cyberattacks on healthcare organizations is crucial for ensuring patient safety and the uninterrupted delivery of essential services.
Cyberattacks on Healthcare RCM Companies: A Growing Threat
Healthcare revenue cycle management (RCM) companies play a critical role in the financial health of healthcare providers. Unfortunately, they are also increasingly becoming targets for cyberattacks, which can have devastating consequences for both the RCM company and the healthcare providers they serve.
Types of Cyberattacks Targeting RCM Companies
- Ransomware: This is a common type of attack where cybercriminals encrypt the victim’s data and demand a ransom to restore access. If an RCM company is unable to pay the ransom or restore their systems quickly, it can lead to significant disruptions in patient care and financial losses.
- Data Breaches: Cybercriminals may target RCM companies to steal patient data, which can be sold on the dark web or used for identity theft. Data breaches can also damage the reputation of the RCM company and the healthcare provider.
- Business Email Compromise (BEC): In BEC attacks, cybercriminals impersonate employees or executives to trick RCM companies into sending money or providing sensitive information.
- Supply Chain Attacks: Cybercriminals may target vendors or suppliers of RCM companies to gain access to their systems.
By taking these steps, RCM companies can help protect themselves and their clients from the growing threat of cyberattacks.