New Ponemon Report Shows Ransomware Continues to Impact Patient Safety, Per Survey of Hospital IT/Security Leaders
Post Summary
The report shows that ransomware continues to disrupt patient care, with impacts including increased mortality rates and complications from medical procedures.
The Ponemon Institute surveyed 579 IT and security professionals from healthcare delivery organizations (HDOs) for this study.
Over 50% of respondents reported that ransomware attacks caused disruptions to patient care, such as transferring patients to other facilities.
The report highlights that peer benchmarking improves cybersecurity effectiveness, decision-making, hiring, and resource allocation to reduce ransomware risks.
The report found that ransomware increased medical procedure complications for 45% of respondents and had adverse impacts on patient mortality rates for over 20%.
Visit Censinet’s website to download the report and gain deeper insights.
Concurring with 2021 Landmark Study, Updated Report Shows Ransomware Continues to Have Adverse Impact on Patient Care, According to 579 Survey Respondents
BOSTON, MA – JANUARY 18, 2023 – Ponemon Institute, the preeminent research center dedicated to privacy, data protection, and information security policy, surveyed 579 IT and IT security professionals at healthcare delivery organizations (HDOs) to understand how ransomware continues to impact patient care, and to determine the value of cybersecurity benchmarking to reduce cyber threats such as ransomware. The independent research report, titled The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking, published in January 2023 from a survey conducted in Q4 2022, was commissioned by Censinet, the leading provider of healthcare risk management solutions.
This 2023 report provides an update to the industry’s first study on the impact of ransomware on patient safety, titled The Impact of Ransomware on Healthcare During COVID-19 and Beyond, published in September 2021 and also commissioned by Censinet. That seminal 2021 study was the first to demonstrate a qualitative correlation between ransomware and adverse impacts to patient care, including increased mortality rates. In this updated report, over half of respondents indicated that one or more ransomware attacks experienced by their organization resulted in a disruption to patient care. While the most prevalent impact identified was an increase in patients transferred or diverted to other facilities, over one-in-five respondents indicated that ransomware attacks had an adverse impact on patient mortality rates – nearly the same response rate as in the 2021 study. However, significantly more respondents this year indicated that ransomware attacks increased complications from medical procedures – up to 45 percent of respondents compared to 36 percent in 2021.
“Our findings indicate that Hospital IT/Security personnel continue to believe ransomware has a broad and adverse impact on patient care,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “With ransomware growing exponentially and most organizations under constant threat, this report also explores how peer benchmarking improves an HDO’s cybersecurity program effectiveness, including its decision-making, hiring, and resource allocation.”
The study also explored the importance of cyber programs and initiatives such as peer benchmarking and third-party vendor risk management for determining optimal investment levels and resource allocation required to reduce the risk of a ransomware attack and other cyber threats. The report found that:
- Benchmarking is very valuable in demonstrating cybersecurity program effectiveness, including cybersecurity framework coverage and compliance.
- Benchmarking is important to making the business case for hiring cyber staff and helps guide tool and technology purchasing for the cybersecurity program.
- Benchmarking is important when establishing cybersecurity program goals and enables better, more data-driven decision-making
- Benchmarking is helpful in responding to, and recovering from, ransomware attacks according to a majority of respondents.
“The findings in this year’s Ponemon report are, unfortunately, not surprising as ransomware continues to shut down hospital operations and disrupt care at an alarming rate,” said Ed Gaudet, CEO and Founder of Censinet. “With patient safety in jeopardy and ‘asymmetric warfare’ no longer hyperbole to describe the situation, this report highlights the continued threats while introducing new approaches to creating rigorous, robust, and continuous cyber programs that protect patients.”
Ponemon Institute and Censinet will present the details of the independent research report in an upcoming webinar, “The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking.” It will be presented live on January 24 at 12:00 PM ET and features Dr. Larry Ponemon and Ed Gaudet, both leading advocates and experts in the healthcare information security industry. Register here for the webinar any time before Jan 24 at 12pm ET.
To receive a copy of the research report, The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking, or to learn more about the impact of ransomware on patient care and the value of cybersecurity peer benchmarking, please visit https://www.censinet.com/impact-of-ransomware-on-patient-safety-and-value-of-cybersecurity-benchmarking
About Ponemon Institute
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high-quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. We uphold strict data confidentiality, privacy, and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant, or improper questions. Learn more at ponemon.org
About Censinet
Censinet®, based in Boston, MA, takes the risk out of healthcare with Censinet RiskOps, the industry’s first and only cloud-based risk exchange of healthcare organizations working together to manage and mitigate cyber risk. Purpose-built for healthcare, Censinet RiskOpsTM delivers total automation across all third party and enterprise risk management workflows and best practices. Censinet transforms cyber risk management by leveraging network scale and efficiencies, providing actionable insight, and improving overall operational effectiveness while eliminating risks to patient safety, data, and care delivery. Censinet is an American Hospital Association (AHA) Preferred Cybersecurity Provider. Find out more about Censinet and its RiskOps platform at censinet.com.
###
Contact:
Justyn Thompson
(617) 221-6875
Key Points:
What does the Ponemon Institute's 2023 report reveal about ransomware in healthcare?
The report reveals that ransomware continues to have a severe impact on patient care, with disruptions including:
- Patient Transfers: Over half of respondents reported transferring or diverting patients due to ransomware attacks.
- Increased Mortality Rates: More than 20% of respondents indicated ransomware had adverse impacts on patient mortality.
- Procedure Complications: 45% of respondents noted an increase in complications from medical procedures, up from 36% in 2021.
How many healthcare organizations participated in this study?
The Ponemon Institute surveyed BOLD '579 IT and security professionals' from healthcare delivery organizations (HDOs) to understand ransomware’s ongoing impact on patient safety and the value of cybersecurity benchmarking.
Why is cybersecurity benchmarking important for healthcare organizations?
The report emphasizes several benefits of benchmarking, including:
- Demonstrating the effectiveness of cybersecurity programs.
- Assisting in resource allocation, such as hiring and technology purchases.
- Improving data-driven decision-making for cybersecurity goals.
- Enhancing response and recovery efforts during ransomware attacks.
What role does ransomware play in patient safety risks?
Ransomware attacks disrupt hospital operations, leading to:
- Delayed or canceled medical procedures.
- Increased patient transfers to other facilities.
- Complications during medical procedures.
- Increased risks to patient mortality rates.
How does the 2023 report compare to the 2021 study on ransomware?
The updated study builds on the 2021 landmark research, confirming that ransomware continues to threaten patient safety. Key differences include:
- A rise in reported medical procedure complications (from 36% in 2021 to 45% in 2023).
- Consistent findings on the impact of ransomware on patient mortality rates.
Where can organizations access the full report and webinar?
Healthcare organizations can download the full report, The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking, and register for the webinar at Censinet’s website.
