A new study shows that in the past 12 months, 89% of health care organizations experienced at least one cyberattack, averaging 43 attacks each in that period.
The study from IT security research organization the Ponemon Institute also reveals that more than 20% of the organizations that suffered a cyberattack experienced increased patient mortality rates. The most common consequences of cyber incidents were delayed procedures and tests, resulting in poor patient outcomes for 57% of the victim organizations, and increased complications from medical procedures for nearly half. In terms of financial toll, the most expensive cyberattack cost $4.4 million, and the most significant costs from attacks on medical facilities were lost productivity at an average $1.1 million.
The increasing adoption of connected medical technology (sometimes called the internet of medical things or IoMT) is significantly increasing the cyber risk to medical facilities, but many organizations are not yet incorporating adequate risk management strategies. Healthcare organizations now have an average of 26,000 network-connected devices, and 64% of survey respondents were acutely concerned about medical device security, yet only 51% include prevention and response to attacks on devices in their cybersecurity strategy.