Health IT, Hospitals

Report: 22% of providers saw death rates spike following a ransomware attack

Ransomware attacks had an impact beyond mortality rates as well, with 71% of respondents saying that these cyberattacks drove up lengths of stay and 36% saying they led to an increase in clinical complications.

Ransomware attacks have a significant impact on patient care, with nearly one in four providers reporting death rates increased after such an attack, according to a recent report.

Commissioned by Censinet, the report includes survey responses collected by the Ponemon Institute in May. In total, 597 IT and IT security professionals in healthcare delivery organizations participated in the survey.

presented by

Over the last two years, 43% of respondents said their organizations experienced a ransomware attack, of which 33% said they experienced two or more.

The impact on patient care is widespread, the report shows. About 71% of respondents said that ransomware attacks drove up lengths of stay, 70% said they caused delays in procedures and tests and 65% said they increased patient transfers or facility diversions.

Further, 36% said ransomware attacks led to an increase in complications from medical procedures and 22% said it boosted mortality rates.

“Our findings correlated increasing cyberattacks, especially ransomware, with negative effects on patient care, exacerbated by the impact of Covid on healthcare providers,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a news release.

Not only is the impact of ransomware attacks on patient care extensive, but healthcare providers’ response to the attacks is lacking, according to the report.

Once gaps in third-party vendors’ privacy and security practices were discovered, only 44% of respondents said their organizations selected another vendor due to risk, while just 51% said their organizations required a third party to remediate the gap.

Approximately 40% of respondents said their organization always completes a risk assessment of its third parties prior to contracting with them. But only 38% said their organizations’ leaders always accept their recommendation not to contract with a vendor if they are found to be high-risk.

Managing risk brought on by third parties is a multifaceted challenge, as providers contract with an average of 1,950 vendors. This number will increase to an average of 2,541 in the next year, according to the report.

Consequently, only 39% of respondents know how many of their organizations’ personal health information records are accessed, transmitted or stored by third-party products or services.

“The Ponemon Research results are an urgent wake-up call for the healthcare industry to transform its cybersecurity and third-party risk programs or jeopardize patient lives,” said Ed Gaudet, founder and CEO of Censinet, in a news release.

Photo: WhataWin, Getty Images