New Ponemon Report Shows Ransomware Continues to Impact Patient Safety, Per Survey of Hospital IT/Security Leaders
Concurring with 2021 Landmark Study, Updated Report Shows Ransomware Continues to Have Adverse Impact on Patient Care, According to 579 Survey Respondents
BOSTON, MA – JANUARY 18, 2023 – Ponemon Institute, the preeminent research center dedicated to privacy, data protection, and information security policy, surveyed 579 IT and IT security professionals at healthcare delivery organizations (HDOs) to understand how ransomware continues to impact patient care, and to determine the value of cybersecurity benchmarking to reduce cyber threats such as ransomware. The independent research report, titled The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking, published in January 2023 from a survey conducted in Q4 2022, was commissioned by Censinet, the leading provider of healthcare risk management solutions.
This 2023 report provides an update to the industry’s first study on the impact of ransomware on patient safety, titled The Impact of Ransomware on Healthcare During COVID-19 and Beyond, published in September 2021 and also commissioned by Censinet. That seminal 2021 study was the first to demonstrate a qualitative correlation between ransomware and adverse impacts to patient care, including increased mortality rates. In this updated report, over half of respondents indicated that one or more ransomware attacks experienced by their organization resulted in a disruption to patient care. While the most prevalent impact identified was an increase in patients transferred or diverted to other facilities, over one-in-five respondents indicated that ransomware attacks had an adverse impact on patient mortality rates – nearly the same response rate as in the 2021 study. However, significantly more respondents this year indicated that ransomware attacks increased complications from medical procedures – up to 45 percent of respondents compared to 36 percent in 2021.
“Our findings indicate that Hospital IT/Security personnel continue to believe ransomware has a broad and adverse impact on patient care,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “With ransomware growing exponentially and most organizations under constant threat, this report also explores how peer benchmarking improves an HDO’s cybersecurity program effectiveness, including its decision-making, hiring, and resource allocation.”
The study also explored the importance of cyber programs and initiatives such as peer benchmarking and third-party vendor risk management for determining optimal investment levels and resource allocation required to reduce the risk of a ransomware attack and other cyber threats. The report found that:
- Benchmarking is very valuable in demonstrating cybersecurity program effectiveness, including cybersecurity framework coverage and compliance.
- Benchmarking is important to making the business case for hiring cyber staff and helps guide tool and technology purchasing for the cybersecurity program.
- Benchmarking is important when establishing cybersecurity program goals and enables better, more data-driven decision-making.
- Benchmarking is helpful in responding to, and recovering from, ransomware attacks according to a majority of respondents.
“The findings in this year’s Ponemon report are, unfortunately, not surprising as ransomware continues to shut down hospital operations and disrupt care at an alarming rate,” said Ed Gaudet, CEO and Founder of Censinet. “With patient safety in jeopardy and ‘asymmetric warfare’ no longer hyperbole to describe the situation, this report highlights the continued threats while introducing new approaches to creating rigorous, robust, and continuous cyber programs that protect patients.”
Ponemon Institute and Censinet will present the details of the independent research report in an upcoming webinar, “The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking.” It will be presented live on January 24 at 12:00 PM ET and features Dr. Larry Ponemon and Ed Gaudet, both leading advocates and experts in the healthcare information security industry. Register here for the webinar any time before Jan 24 at 12pm ET.
To receive a copy of the research report, The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking, or to learn more about the impact of ransomware on patient care and the value of cybersecurity peer benchmarking, please visit https://www.censinet.com/impact-of-ransomware-on-patient-safety-and-value-of-cybersecurity-benchmarking
About Ponemon Institute
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high-quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. We uphold strict data confidentiality, privacy, and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant, or improper questions. Learn more at ponemon.org
About Censinet
Censinet®, based in Boston, MA, takes the risk out of healthcare with Censinet RiskOps, the industry’s first and only cloud-based risk exchange of healthcare organizations working together to manage and mitigate cyber risk. Purpose-built for healthcare, Censinet RiskOps™ delivers total automation across all third party and enterprise risk management workflows and best practices. Censinet transforms cyber risk management by leveraging network scale and efficiencies, providing actionable insight, and improving overall operational effectiveness while eliminating risks to patient safety, data, and care delivery. Censinet is an American Hospital Association (AHA) Preferred Cybersecurity Provider. Find out more about Censinet and its RiskOps platform at censinet.com.