72% of hacked healthcare orgs report patient care disruptions

More than half of healthcare organizations that experienced cyberattacks also reported longer patient stays and increased medical procedure complications, highlighting the impact that cyberattacks can have on patient safety, according to a new survey published by Proofpoint and Ponemon Institute.

Ponemon Institute surveyed 677 U.S.-based healthcare IT and cybersecurity professionals to assess the operational and clinical risks associated with cyberattacks against healthcare organizations.

The report found that 93% of surveyed organizations experienced at least one cyberattack in the past 12 months. The research focused on four types of cyberattacks: cloud/account compromise, supply chain attacks, ransomware and business email compromise. Nearly three-quarters of respondents who experienced one or more of these four types of attacks reported disruptions to patient care.

Supply chain attacks resulted in the highest volume of reported disruptions, with 87% of supply chain attack victims saying that the attack disrupted patient care. The disruptions largely involved delays in procedures and tests that resulted in poor outcomes and an increase in complications from medical procedures.

Some even reported higher mortality rates, though it can be difficult to directly link patient mortality rates to cyberattacks due to the multitude of factors that contribute to patient mortality rates.

The report noted that 96% of surveyed organizations experienced at least two data loss or exfiltration incidents involving confidential healthcare data in the past two years. Most of these respondents said that the incidents impacted patient care.

"For the fourth year in a row, the data reinforces a sobering reality: cyberthreats aren’t just IT security issues, they’re clinical risks," the report stated.

"When care is delayed, disrupted or compromised due to a cyberattack, patient outcomes are impacted, and lives are potentially put at risk."

AI has emerged as an increasingly popular security strategy for healthcare organizations, with 30% of respondents saying that they have embedded AI in cybersecurity. Respondents whose organizations use AI for security -- whether for strengthening email security or data loss prevention -- said that the tools were very effective.

However, 60% of organizations reported struggling to protect sensitive data used by AI systems, and data accuracy and interoperability remain significant barriers to widespread adoption.

While healthcare leaders continue to adopt new technologies and improve their organization's security posture with tried-and-true approaches, cyberattacks continue to disrupt operations, finances and patient care.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.