Report: Cyber Risks Increase for Not-for-Profit Hospitals

Aug. 31, 2022
A new report from Fitch Ratings found that not-for-profit hospitals in the U.S. are operating with smaller margins and cybersecurity spending may not be up to par

On Aug. 29, Fitch Ratings released a report entitled “Cyber Risk Continues to Grow for U.S. Not-For-Profit Hospital and Health Systems (Cost Pressures Could Amplify Cyber Vulnerabilities).” The report found that cyber risk mitigation is becoming more expensive for not-for-profit hospitals and healthcare systems, which are subject to growing frequency and gravity of attacks.

The report says that “Increasing risk requires greater investment in hardware, software and internal controls in order to prevent and address cyber breaches. However, not-for-profit hospitals are reporting thinner margins amid ongoing cost pressures, necessitating cost containment and revenue-raising measures, and cybersecurity spending may not be prioritized.”

The report explained that quantitative and qualitative factors, including the persistence of effects on operations and management responses, impact the effects of cyber breaches on ratings. To date, Fitch has not downgraded any hospitals or health systems due to a cyberattack.

“However, the credit effects of a cyberattack could be amplified due to labor pressures and inflation compressing not-for-profit hospital margins,” the report notes. “Operating metrics are down significantly in interim 2022 for most health systems compared with 2021. Issuers with weaker financial profiles would have fewer resources available to prevent or recover from a cyberattack, potentially leading to quality of care and reputational risks, and further margin erosion.”

Moreover, cyber breaches that disclose patient information are at risk of litigation costs, federal regulatory actions, and consumers losing confidence in the organization. Attacks also can affect quality of care if access to patient data is denied or medical devices are affected.

The report adds that cyber insurance is still a key risk mitigant, but the increase of cyber insurance premiums could become cost prohibitive for some organizations.

“Fitch considers cybersecurity in its analysis as part of its Environmental, Social and Governance (ESG) framework,” the report states. “A hospital’s ESG Relevance Score would be elevated if cyber risk were deemed to be material to the rating.”

Sponsored Recommendations

Elevating Clinical Performance and Financial Outcomes with Virtual Care Management

Transform healthcare delivery with Virtual Care Management (VCM) solutions, enabling proactive, continuous patient engagement to close care gaps, improve outcomes, and boost operational...

Examining AI Adoption + ROI in Healthcare Payments

Maximize healthcare payments with AI - today + tomorrow

Addressing Revenue Leakage in Hospitals

Learn how ReadySet Surgical helps hospitals stop the loss of earned money because of billing inefficiencies, processing and coding of surgical instruments. And helps reduce surgical...

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...