"Cyberattacks on Healthcare Organizations Negatively Impact Patient Care"

Security researchers at Cynerio and the Ponemon Institute have recently studied the current impact of cyberattacks on healthcare facilities and network-connected IoT and medical devices and found multiple alarming trends.  The researchers surveyed  517 experts in leadership positions at hospitals, clinics, healthcare service providers, and healthcare systems throughout the United States.  The researchers found that almost half of hospitals have been attacked with ransomware and that 76% of victimized hospitals were attacked three or more times.   More than half (56%) of respondents stated their organizations experienced one or more cyberattacks in the past 24 months involving IoMT/IoT devices.  Among those, 58% averaged 9 or more cyberattacks during that time.  Almost half (45%) of these respondents report adverse impacts on patient care, and 53% percent of those report adverse impacts resulting in increased mortality rates.  The researchers stated that perceived risk in IoT/ IoMT devices is high, but proactive security actions and accountability are not.  Many (71%) of respondents rated the security risks presented by IoT/IoMT devices as high or very high, while only 21% reported a mature stage of proactive security actions.  Of the 46% who performed well-known and accepted procedures such as scanning for devices, only 33% of these respondents keep an inventory of the devices that were discovered.  The researchers also found that almost half (47%) of those that experienced a ransomware attack paid the ransom.  More than a quarter (32%) of the ransoms paid fell in the range of $250k – $500k.  Organizations that did not pay the ransom most frequently attributed their actions to an effective backup strategy (53%) and company policy (49%).

Help Net Security reports: "Cyberattacks on Healthcare Organizations Negatively Impact Patient Care"