New Ponemon Institute Research Shows Ransomware Attacks on Healthcare Delivery Organizations Can Lead to Increased Mortality Rate
Post Summary
The research shows ransomware attacks on healthcare organizations can lead to serious consequences, including an increase in patient mortality rates and negative impacts on patient care.
COVID-19 introduced new risk factors, such as: • Increased remote work infrastructure. • Staffing shortages. • Elevated patient care demands. • Greater vulnerability to cyberattacks, especially ransomware.
The report highlights several consequences, including: • Increased mortality rates. • Delays in procedures and tests leading to poor outcomes. • More complications during medical procedures. • Longer patient stays and transfers to other facilities. Q: Why is this research a wake-up call for healthcare organizations?
The combination of ransomware, data breaches, and the pandemic has created a crisis for healthcare IT. Organizations must transform their cybersecurity and third-party risk programs to protect patient safety and care operations.
Download the full report, The Impact of Ransomware on Healthcare During COVID-19 and Beyond, at Censinet.com.
An Independent Analysis of Nearly 600 Providers Also Demonstrates How COVID-19 Has Reduced Their Ability to Defend Against Cyber Threats
BOSTON, MASSACHUSETTS – September 22, 2021 – Ponemon Institute, the pre-eminent research center dedicated to privacy, data protection, and information security policy, surveyed 597 IT and IT security professionals to understand how COVID-19 has impacted how healthcare delivery organizations (HDOs) protect patient care and patient information from increasing virulent cyberattacks, especially ransomware. The independent research report, entitled The Impact of Ransomware on Healthcare During COVID-19 and Beyond, was commissioned by Censinet, the leading healthcare IT risk solutions provider.
For the first time, this research shows that ransomware attacks on healthcare organizations may have life-or-death consequences. Nearly one in four healthcare providers reported an increase in mortality rate due to ransomware. The onset of COVID-19 introduced new risk factors to HDOs, including remote work, new systems to support it, staffing challenges, and elevated patient care requirements. The research focuses on helping CIOs, CISOs, and healthcare risk executives understand the extent to which HDOs are being targeted and ascertain the impact of those attacks. Both are covered in-depth in the key findings section of the report.
“Our findings correlated increasing cyberattacks, especially ransomware, with negative effects on patient care, exacerbated by the impact of COVID on healthcare providers,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “We also analyzed steps that HDOs are taking to protect patient safety, data, and care operations to determine what is working since so many respondents have been victims of more than one ransomware attack.
The report highlights the following impact of ransomware on patient care:
- Increase in mortality rate
- More complications from medical procedures
- Delays in procedures and tests that resulted in poor outcomes
- Upturn in patients transferred or diverted to other facilities
- Longer lengths of stay
“The combination of data breaches, ransomware attacks, and COVID-19 has created the perfect cybersecurity storm and worst two years on record for IT and security leaders in healthcare,” stated Ed Gaudet, CEO and Founder of Censinet. “The Ponemon Research results are an urgent wake-up call for the healthcare industry to transform its cybersecurity and third-party risk programs or jeopardize patient lives.”
Ponemon Institute and Censinet will present the details of the independent research report in a webinar entitled “Understanding the Impact of Ransomware on Healthcare During COVID-19 and Beyond.” It will be presented live on Wednesday, September 29, 2021, at 12:00 PM ET and features Dr. Larry Ponemon and Ed Gaudet, both leading advocates and experts in the healthcare information industry.
To receive a copy of the research report, The Impact of Ransomware on Healthcare During COVID-19 and Beyond, or to learn more about the impact of ransomware on patient care, please visit censinet.com/ponemon-report-covid-impact-ransomware.
About Ponemon Institute
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high-quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. We uphold strict data confidentiality, privacy, and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant, or improper questions.
About Censinet
Censinet, based in Boston, MA, enables healthcare organizations to take the risk out of their business with Censinet RiskOpsTM, the first and only cloud-based exchange that integrates and consolidates enterprise risk management and operations capabilities across critical clinical and business areas. RiskOps builds upon the Company’s foundational success with third-party risk management (TPRM) for healthcare. Censinet transforms healthcare risk by increasing productivity and operational effectiveness while eliminating risks to care delivery, data privacy, and patient safety. Find out more about Censinet and its RiskOps platform at censinet.com.
###
Contact:
Rob Ciampa
Censinet
(617) 286-6785
rciampa@censinet.com
Key Points:
What does the Ponemon Institute research reveal about ransomware in healthcare?
- The Ponemon Institute’s research, commissioned by Censinet, reveals that ransomware attacks on healthcare organizations can have life-or-death consequences.
- Nearly 1 in 4 healthcare providers surveyed reported an increase in patient mortality rates due to ransomware attacks.
- The report also links ransomware to a range of negative impacts on patient care, including delays in treatment and complications during medical procedures.
How has COVID-19 impacted healthcare cybersecurity?
- The COVID-19 pandemic introduced new risk factors that have made healthcare organizations more vulnerable to cyberattacks, including:
- Remote Work: New systems and infrastructure to support remote work expanded the attack surface.
- Staffing Challenges: Reduced staffing made it harder to maintain robust cybersecurity defenses.
- Increased Patient Care Demands: Higher patient volumes and care requirements diverted resources away from cybersecurity efforts.
- These factors have weakened healthcare delivery organizations' ability to defend against cyber threats like ransomware.
What are the key impacts of ransomware on patient care?
The research highlights several critical ways ransomware attacks negatively affect patient care:
- Increase in Mortality Rates: Delayed care or disrupted operations can result in preventable deaths.
- Complications During Medical Procedures: Cyberattacks can interfere with access to critical systems, leading to worse outcomes.
- Delays in Procedures and Tests: Disruptions cause delays that impact the timing and quality of care.
- Patient Transfers and Diversions: Patients are often transferred to other facilities, which can delay treatment.
- Longer Patient Stays: Operational inefficiencies caused by ransomware can extend the length of hospital stays.
Why is this research a wake-up call for healthcare organizations?
- The combination of ransomware attacks, data breaches, and the COVID-19 pandemic has created a “perfect storm” for healthcare IT and security leaders.
- Without urgent transformation of cybersecurity and third-party risk management programs, healthcare organizations risk:
- Jeopardizing patient safety.
- Compromising care delivery.
- Suffering financial losses due to disruptions and recovery efforts.
What steps are healthcare organizations taking to improve cybersecurity?
According to the Ponemon Institute research, healthcare organizations are working to:
- Strengthen Cybersecurity Posture: Implementing robust defenses to prevent ransomware attacks.
- Close Gaps in Security Program Maturity: Identifying weaknesses in their cybersecurity programs and addressing them.
- Monitor and Mitigate Risks: Continuously monitoring risks to reduce the likelihood of future attacks.
- Educate Staff: Training employees on how to recognize and respond to cyber threats.
What are the major findings of the Ponemon report?
The report, titled "The Impact of Ransomware on Healthcare During COVID-19 and Beyond," outlines key findings:
- Healthcare delivery organizations are being targeted more frequently by ransomware attacks.
- Cyberattacks have a direct impact on patient outcomes, including increased mortality rates.
- COVID-19 has weakened healthcare organizations’ ability to defend against these threats.
- Continuous monitoring, risk mitigation, and cybersecurity program improvements are essential for protecting patient care.
Why are ransomware attacks on healthcare so damaging?
Ransomware attacks are especially damaging in healthcare because:
- They disrupt critical systems used for patient care, such as medical records and diagnostic tools.
- They lead to delays in care, which can have life-threatening consequences.
- Healthcare organizations are often forced to pay ransoms to regain access to their systems, leading to financial strain.
Where can I learn more about the Ponemon Institute research?
- The full report, "The Impact of Ransomware on Healthcare During COVID-19 and Beyond," can be downloaded at Censinet.com/ponemon-report-covid-impact-ransomware.
- Ponemon Institute and Censinet will also present the findings in a webinar titled "Understanding the Impact of Ransomware on Healthcare During COVID-19 and Beyond" on Wednesday, September 29, 2021, at 12:00 PM ET.
