Ponemon Institute: 67 Percent of Healthcare Organizations Hit By Ransomware

Sept. 29, 2021
The Ponemon Institute, sponsored by Censinet, recently released a report about the impact of cyberattacks, particularly ransomware attacks, on the healthcare industry during the COVID-19 pandemic

The Traverse City, Mich-based Ponemon Institute, an independent research firm, recently released a report entitled “The Impact of Ransomware on Healthcare During COVID-19 and Beyond.” The report is sponsored by the Boston, Mass.-based Censinet.

The report was commissioned by Censinet, a third-party risk management platform for healthcare providers, due to the large rise in patient care organizations, which the report refers to as health delivery organizations (HDOs), contacting the company after ransomware attacks or other cybersecurity incidents, and the attacks’ relationship to the COVID-19 pandemic. Additionally, Censinet noticed that much of the coverage of healthcare cybersecurity issues were not focused on patient care and the company was looking for additional parallels to the increase in third parties that are an essential part of the care process.

Significantly, fully 67 percent of patient care organizations have now been victims of ransomware attacks, with 33 percent having already been hit at least twice.

According to the report, “The Ponemon Institute surveyed 597 HDOs for this report, including integrated delivery networks, regional health systems, community hospitals, and more. The Ponemon Institute conducted the research, analyzed the results, and produced the report. Ponemon is one of the top independent research firms for the healthcare industry. It was 100% independent. Censinet had no role in the research and did not have access to or know any of the participants.”

Further, “The purpose of this research is to understand how COVID-19 has impacted how healthcare delivery organizations protect patient care and patient information from increasing virulent cyberattacks, especially ransomware. Prior to COVID-19, 55 percent of respondents say they were not confident they could mitigate the risks of ransomware. In the age of COVID-19, 61 percent of respondents are not confident or have no confidence.”

Key findings from the report include:

  • When asked about what impacts ransomware had on patient care, 71 percent of respondents reported a longer length of stay and 22 percent reported an increase in mortality rate
  • When asked about the biggest concerns about ransomware resulting from their organization’s third-party risk management program (three responses could be selected), 54 percent said patient safety, 53 percent said care disruption, and 45 percent said ransomware
    • When asked what actions respondents were taking to ease their concerns (more than one response was permitted), 50 percent said outsourcing part or all of the functions to a managed service provider, 46 percent said allocating more budget toward risk management, and 44 percent said they were looking for automated solutions to improve efficiency
  • When asked about the biggest barriers to achieving their organization’s vendor risk management objectives (three responses were allowed), 47 percent said complexity of technologies that support vendor risk management, 44 percent said difficulty hiring personnel with the right skills, and 43 percent said lack of cooperation and collaboration among various departments
  • Sixty percent of those surveyed reported credential theft increased when asked about what type of cyberattacks had increased since COVID-19, 55 percent said compromised/stolen devices, and 43 percent said account takeover (more than one response was permitted)

The report has several recommendations for mitigating ransomware and third-party risks. “Ensure critical steps for identifying and mitigating third-party risks are in place,” the report states. “Sixty percent of organizations represented in this research had a data breach in the past two years, resulting in an average of 28,505 records containing sensitive and confidential information compromised. According to the research, organizations can only partially evaluate the various threats targeting their assets and IT vulnerabilities. They also lack the capability to continuously monitor vendor risks.”

The full report can be found here.

Sponsored Recommendations

2024's Healthcare Buyer Journey: New Research and Insights

Join us on April 30th for a webinar unveiling insights from the latest study on the Healthcare IT Buying Journey! Discover evolving challenges, effective health data management...

Improving care with AI-powered solutions

Don't miss our April 23rd webinar delving into the transformative impact of AI-powered solutions on healthcare. Join industry leaders Reid Conant and Dr. Patrick McGill as they...

Shield your health system against cyber threats

You won't want to miss out on this imperative April 4th webinar about how you can protect your healthcare organization. Join us to learn how to fortify your health system against...

Healthcare Trends 2024: Trends & Strategies for Future Success

Explore the future of healthcare in 2024 with insights from the Healthcare Industry Trends Report. Stay ahead of the curve as we delve into the latest industry developments and...