Trending Cyberattacks that Impact Patient Safety

While cybersecurity attacks primarily affect computer systems, networks, and data storage, the offline effects of these attacks can be vastly different for a healthcare organization or hospital facility.

Hospitals and clinics are increasingly relying on internal networks and Internet of Things applications to support healthcare services, procedures, and monitoring. Healthcare providers use smart device applications that allow patients to schedule appointments, remote patient monitoring technology, and technology to streamline administrative processes (like scheduling for tests and procedures). When malware infects a system, it places patient safety and information at risk.

A recent Proofpoint and Ponemon survey considered the various trends in how cyberattacks impact patient safety and a facility’s efficacy in delivering patient care between 2022 and 2023.

Supply Chain Attacks

• 64 percent of survey respondents said their organization’s supply chain was attacked.
• 77 percent of survey respondents said this kind of attack disrupted patient care.
• Patient care was largely impacted by delays in procedures and tests, meaning that there was often an increase in the severity of the illness (50 percent) and patients often had a longer hospital stay (48 percent).
• 21 percent of respondents said that these attacks were linked to a rise in mortality rate.

Business Email Compromise (BEC) or Spoofing Attack

• 54 percent of respondents said their organizations experienced a BEC/spoofing incident.
• From this group, 69 percent said that the attack disrupted patient care. Most of these incidents resulted in delays in procedures and tests, with more than half of affected healthcare providers saying that the attack increased complications from medical procedures.

Ransomware Attacks

• 54 percent of respondents said their organization experienced a ransomware attack.
• 68 percent said ransomware attacks had a negative impact on patient care.
  • 71 percent of these respondents said that ransomware impacted patient care via delays in procedures and tests, leading to poor outcomes.
  • 48 percent said these attacks also resulted in longer lengths of stay. Longer stays affect an organization’s ability to care for patients.

Cloud Compromises

• 63 percent of survey respondents said their organizations experienced a cloud compromise.
  • Of this group, 49 percent said these attacks disrupted patient care.
  • In 53 percent of instances where patient care was disrupted, there was an increase in complications from medical procedures. 29 percent said these attacks increased the mortality rate.

Data Loss or Exfiltration

• Every survey participant said their organization had at least one data loss of exfiltration incident during the past two years where sensitive and confidential healthcare data was compromised.
  • 43 percent said patient care was impacted. In almost half of these instances (46 percent), mortality rate increased, while 38 percent of respondents said complications from medical procedures increased.

Source: Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care, conducted by the Ponemon Institute and sponsored by Proofpoint, 2023.