Cyber Insecurity in Healthcare:
The Cost and Impact on Patient Safety
and Care
Healthcare IT and security professionals have spoken. Ponemon listened. In this study sponsored by Proofpoint, Ponemon surveyed 641 people responsible for security strategies – including setting IT cybersecurity priorities, managing budgets and selecting vendors and contractors. The goal was to understand the cybersecurity threats targeting healthcare organisations and the cost of responding to attacks that can endanger patient safety and care delivery. The results are truly eye opening.
The impact of cyber attacks on patient safety and care delivery
Ponemon analyzed four types of cyber attacks in this report: cloud compromise, ransomware, supply chain and BEC.
Cloud compromise
Fifty-four percent of surveyed healthcare organisations experienced at least one cloud compromise and 64% of those affected noted an impact to patient care. Consequences included an increase in complications from medical procedures (51%), longer length of stay (50%) and increase in mortality rates (18%).
Ransomware
A ransomware attack hit 41% of surveyed healthcare organisations and 67% of those affected by ransomware noted an impact to patient care. Consequences included poor outcomes because of procedure or test delays (64%), longer length of stay (59%), and a rise in mortality rates (24%).
Supply chain attacks
Fifty percent of respondents say their organisation experienced at least one attack against their supply chain and 70% of those affected noted an impact to patient care. Consequences included poor outcomes because of procedure or test delays (54%), longer length of stay (51%) and a rise in mortality rates (23%).
Business Email Compromise (BEC)
Fifty-one percent of surveyed healthcare organisations experienced a BEC attack and 67% of those affected noted an impact to patient care. Consequences included poor outcomes because of procedure or test delays (60%), increase in complications from medical procedures (51%), and a rise in mortality rates (21%).
Major Findings:
This report highlights how a cyber event often adversely impacts patient safety, and, therefore, the importance of a robust security strategy for healthcare to meet its mission.
Ryan Witt, Industries Solutions and Strategy Leader, ProofpointProofpoint helped improve our posture and hardening for BEC attacks as previously we did not have a DMARC setting. BEC attacks targeting our brand are significantly more visible now.
Gary Gooden, Chief Technology and Security Officer, Seattle Children’sEmail is our number one threat vector. That is no secret. Proofpoint does a phenomenal job of reducing that inbound email attack surface. And then if something gets through, it’s a great incident response department.
Chase Franzen, Vice President and Chief Information Security Officer, Sharp HealthCare