Health Care Cyberattacks Increase Mortality Rates

Hilary Tuttle


October 3, 2022

cyberattacks on health care facilities

In the past 12 months, 89% of healthcare organizations experienced at least one cyberattack, averaging 43 attacks each in that period, according to a recent study by cybersecurity firm Proofpoint and IT security research organization the Ponemon Institute.

The impacts are dramatic: more than 20% of the organizations that suffered a cyberattack experienced increased patient mortality rates. The most common consequences of cyber incidents were delayed procedures and tests, resulting in poor patient outcomes for 57% of the victim organizations, and increased complications from medical procedures for nearly half. In terms of financial toll, the most expensive cyberattack cost $4.4 million, and the most significant costs from attacks on medical facilities were lost productivity at an average $1.1 million.

The increasing adoption of connected medical technology (sometimes called the internet of medical things or IoMT) is significantly increasing the cyberrisk to medical facilities, but many organizations are not yet incorporating adequate risk management strategies. Healthcare organizations now have an average of 26,000 network-connected devices, and 64% of survey respondents were acutely concerned about medical device security, yet only 51% include prevention and response to attacks on devices in their cybersecurity strategy.

Hilary Tuttle is managing editor of Risk Management.