Proofpoint, Inc., a cybersecurity and compliance company, and Ponemon Institute, an IT security research organization, released the results of their third annual survey on the effects of cybersecurity in healthcare. The report, “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2024,” finds that 92 percent of healthcare organizations surveyed experienced at least one cyberattack in the past 12 months, an increase from 88 percent in 2023, with 69 percent reporting disruption to patient care as a result.
Among the organizations that suffered the four most common types of attacks – cloud compromise, ransomware, supply chain and business email compromise (BEC) – 56 percent reported poor patient outcomes due to delays in procedures and tests, 53 percent saw an increase in medical procedure complications, and 28 percent say patient mortality rates increased—an increase of five percentage points over last year. These findings indicate that healthcare organizations continue to struggle with mitigating the risks these attacks pose to patient safety and well-being.
The report, which surveyed 648 information technology and security practitioners in United States healthcare organizations, found that supply chain attacks are most likely to affect patient care. More than two-thirds (68 percent) of respondents said their organizations had an attack against their supply chains, of which 82 percent said it disrupted patient care, an increase from 77 percent in 2023. BEC leads the group of attacks most likely to result in poor outcomes due to delayed procedures and tests (69 percent), followed by ransomware (61 percent), which was also most likely to result in longer lengths of stay (58 percent) and increase in patients diverted or transferred to other facilities (52 percent).
“Our third annual report was conducted to determine if the healthcare industry is making progress in reducing human-centric cybersecurity risks and disruptions to patient care,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “For the third consecutive year, we found that the four types of analyzed attacks show a direct negative impact on patient safety and wellbeing. The good news, however, is the healthcare industry seems to increasingly recognize the importance cybersecurity plays in patient outcomes; on average, IT budgets have increased, and fewer IT practitioners indicate that budget is a challenge in keeping their organization’s cybersecurity posture from being fully effective.”