Cynerio and the Ponemon Institute studied the impact of cyberattacks on healthcare facilities and network-connected IoT and medical devices. They surveyed 517 experts in leadership positions at hospitals, clinics, healthcare providers, and healthcare systems across the United States. Almost half of the hospitals surveyed have already been attacked with ransomware, 76 percent of them three times or more.
Cyber attacks on healthcare organizations are common, sometimes multiple within an organization, and impact patient care, as reported by 45 percent of respondents. 53 percent even report effects that lead to an increased mortality rate.
Networked medical devices, for example, pose dangers. 71 percent of those surveyed rated the security risks emanating from IoT/IoMT devices as high or very high. However, this is not reflected in appropriate precautions: Only 21 percent report that proactive security measures are at a mature stage. For example, 46 percent scanned for devices on the Internet, but only 33 percent of them subsequently inventoried the devices discovered.
Half of those affected have backup
A little less than half of those affected by a ransomware attack (47 percent) paid the demanded ransom. In a third of the cases (32 percent) this was between 250,000 and 500,000 US dollars. Those who did not pay cited an effective backup strategy (53 percent) and company policy (49 percent) as the reason for their refusal.
It is clear that since 2020 cybercriminals have increasingly focused their efforts on healthcare infrastructure. However, little was known about the frequency of the attacks and the resulting damage, says Chad Holmes, security evangelist at Cynerio. The study should provide more information here. Ultimately, Holmes said, “our goal is to use this data to improve funding, education and policymaking for all healthcare providers.”
Further details can be found on the company’s website, where the complete study can also be requested by providing personal data. At the end of 2021, an attack on a Bavarian hospital also made headlines in Germany, and security experts recently discovered security vulnerabilities in infusion pumps.
