Cyber-attacks against healthcare organizations cause more than 20% of them to experience increased mortality rates, new research by Proofpoint’s Ponemon Institute suggests.
The report, which surveyed 641 healthcare IT and security practitioners, also found that 89% of them experienced an average of 43 attacks in the past 12 months, with more than 20% suffering one of the following types of attacks: cloud compromise, ransomware, supply chain, and phishing.
“Cyber-incidents in healthcare are always just a step or two away from causing physical incidents or life-threatening situations,” commented Jack Kudale, founder and CEO at Cowbell Cyber.
“Healthcare services need to meticulously activate simple protection measures such as multi-factor authentication (MFA), systematic backups and cybersecurity awareness training for all employees,” Kudale added.
According to Proofpoint, the most common consequences of these attacks were delayed procedures that resulted in poor patient outcomes for 57% of the healthcare providers and increased complications from medical procedures for roughly half of them.
The attack type most likely to negatively impact patient care was ransomware, leading to procedure or test delays in 64% of cases and longer patient stays (59%).
“Ensuring critical applications, devices and systems are secure should remain the top priority for healthcare security teams,” explained Dave Gerry, chief operating officer at Bugcrowd.
“Bad actors understand the critical nature of the systems supporting healthcare organizations and the human impact behind it, leading to an increased likelihood of ransom payments.”
Further, according to the Proofpoint report, 53% of participants said a lack of in-house expertise is a challenge, and 46% said they lack sufficient staffing, with both deficiencies negatively affecting cybersecurity.
“Healthcare workers are already burnt out by the pandemic, and putting any additional security measures on the end user is self-defeating,” said Monnia Deng, director of product marketing at Bolster.
“We’ve seen healthcare providers purposely request IT to provide less secure but easier forms of 2FA, so there is less friction between them and their critical job functions. It is the responsibility of the healthcare IT organization to invest in proactive secure measures such as disaster recovery, endpoint detection and response, and email security.”
The full text of the Cyber Insecurity in Healthcare report is available at this link. Its publication comes hours after Rapid7 unveiled details about vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare.