Cybercriminals launched 55% more cyberattacks in 2020, affecting patients' interests and hospitals' finances

Jul 27, 2021 15:15 GMT

A historic increase in the number and intensity of cyberattacks on hospitals over the last 18 months will result in substantial income and expense challenges for non-profit hospitals and healthcare systems, according to a study conducted by Fitch Ratings and reported by Fierce Healthcare.

Healthcare is a targeted environment because of the vast amount of sensitive data maintained by organizations for the purposes of patient care and operations. The prevalence of cybercrime surged during the pandemic, as threat actors took advantage of the situation and created widespread disruption in the healthcare industry at a time when there was an urgent need for patient care.

As reported by Fitch Ratings, ransomware payments and efforts to safeguard or harden health systems and cyber defenses have a negative impact on the financial flexibility of hospitals by increasing operating expenses. When financial data is compromised or systems are shut down, attacks might undermine the hospital's ability to bill patients. The recovery time and costs associated with serious data breaches limit not only healthcare organizations' financial resources but also their capacity to offer treatment, according to Fitch analysts.

Cyberattacks on the American healthcare sector surged by 55% in 2020 as compared to 2019 

According to the Ministry of Health and Human Services, significant cyber breaches exposed the patient data of over 22 million Americans in 2020. Bitglass suggests that cyberattacks against US healthcare businesses increased by over 55% in 2020. The cost of recovering each patient record increased by nearly 16% in 2020 compared to 2019, while system recovery took an average of 236 days.

Hospital and health system databases contain essential patient data that cybercriminals seek for ransomware and double-extortion schemes. Patient data is considered confidential in the US and is governed by federal and state laws such as the Health Insurance Portability and Accountability Act (HIPAA). Because of patient confidentiality regulations, cyber breaches that reveal patient information run the risk of losing customer confidence, increasing the expense of litigation, or triggering federal enforcement actions.

During the COVID-19 pandemic, remote work for non-essential people increased, as did the industry's continued use of integrated technology including smart medical monitoring devices, telehealth, and other virtual care capabilities. Software for devices like CT scanners and MRI machines is typically proprietary and developed with patient care in mind, not necessarily considering cyber risks. Moreover, due to the enormous expenses of this type of equipment, institutions, particularly smaller hospitals, can even rely on old or unsupported software for many years, resulting in gaps in institutional security systems.