
Cloud compromise ranks as top healthcare cyber threat

Cloud compromise is a top concern, but business email compromise has the biggest impact on patient care, according to 2023 Proofpoint survey.
By admin
Oct 13, 2023, 9:36 AM

Cloud compromise, ransomware, supply chain, and business email compromise (BEC) rank among the top cyberthreats to healthcare cybersecurity, according to a report from cybersecurity firm Proofpoint and IT research organization Ponemon Institute.  

Of the 653 healthcare organizations surveyed, a staggering 88% reported they experienced a cyberattack in the past 12 months. The financial toll these breaches inflict is equally perturbing, with the average total cost per cyberattack on healthcare entities standing at $4.99 million, marking a 13% increase from the preceding year.  

“For the second consecutive year, we found that the four types of analyzed attacks show a direct negative impact on patient safety and wellbeing,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “Our findings also show that more IT and security professionals view their organization as vulnerable to each type of attack, compared to 2022. These attacks are also putting an even greater strain on resources than last year—costing on average 13% more overall and 58% more in the time required to ensure the impact on patient care was corrected.” 

Top healthcare cyberattacks and their impact on patient safety and care delivery 

Cloud compromise 

  • 74% of participants say their organization’s cloud is vulnerable to an attack, making it the top cybersecurity threat in healthcare. 
  • 63% report firsthand encounters with at least one cloud compromise within their organizations in the past two years, amounting to a total of 21 incidents. 
  • 63% of respondents express concern about cyberthreats to the cloud, up from 57% last year. 

Healthcare organizations are increasingly focused on cyber threats to the cloud, yet among the attack types covered in the survey, cloud compromise had the lowest rate of impact on patient safety and the delivery of care, though any impact on patient care is potentially dangerous. Of the 63% of organizations that reported experiencing a cloud compromise, only 49% said it disrupted care delivery. Of those respondents, 53% said the disruption “increased complications from medical procedures” and 29% reported an increase in mortality rate.

Ransomware disrupting care 

  • 64% of participants believe their organizations are susceptible to a ransomware attack, but only 48% are concerned about it, down 12% from 2022. 
  • Organizations that suffered a ransomware attack (54%) in the past two years experienced an average of four attacks. 
  • 40% of organizations paid the ransom — an 11% decrease from 2022 — but the ransom paid increased by almost 30% to reach an average of $995,450. 

Of the 54% of participants that had encountered a ransomware attack, 68% said the attacks had a detrimental effect on patient care. Respondents reported that ransomware attacks led to delays in procedures and tests (58%) and to longer lengths of stay, negatively affecting patient care (48%).

Business email compromise (BEC) 

  • 62% of participants rank BEC/spoofing phishing incidents as their top cybersecurity concern. 
  • BEC attacks have increased from an average of four to five attacks. 
  • Of the 54% of respondents that reported their organizations had suffered a BEC/spoofing attack, 69% reported that BEC attacks affected patient care. 

BEC has the highest likelihood of negatively impacting patient care stemming from delayed procedures (71%), surpassing even ransomware (59%). BEC also leads to an increase in medical procedure complications (56%) and prolonged hospital stays (55%). 

While concern grew for BEC, only 45% implemented preventative measures and response strategies to deal with these types of attacks.

Supply chain attacks 

  • 63% of respondents say their organization is vulnerable to a supply chain attack, but only 40% are concerned. 
  • 64% of respondents reported that their organizations had experienced an attack on their supply chains. 
  • On average, organizations suffered four supply chain attacks over the course of two years. 

Among the 64% that experienced a supply chain attack, 77% stated that these attacks had a disruptive impact on patient care, marking an increase from the 70% recorded in 2022. Organizations reported an escalation in the severity of illness (50%) and prolonged hospital stays (48%). Additionally, 21% of respondents noted an increase in mortality rates as a result of these supply chain disruptions. 

Impact of data loss on healthcare organizations 

Every single organization documented at least one occurrence of data loss or unauthorized data exfiltration involving sensitive and confidential healthcare information over the past two years, with an average of 19 incidents of data loss over the course of two years.  

Many organizations cited staffing (50%) and budget (47%) constraints as barriers to improving cybersecurity measures, and 58% say they don’t possess the necessary in-house expertise. However, 65% of organizations reported providing cybersecurity training to their employees to protect against evolving threats.  

“While the healthcare sector remains highly vulnerable to cybersecurity attacks, I’m encouraged that industry executives understand how a cyber event can adversely impact patient care. I’m also more optimistic that significant progress can be made to protect patients from the physical harm that such attacks may cause,” said Ryan Witt, chair, Healthcare Customer Advisory Board at Proofpoint, in a statement. “Our survey shows that healthcare organizations are already aware of the cyber risks they face. Now they must work together with their industry peers and embrace governmental support to build a stronger cybersecurity posture — and consequently, deliver the best patient care possible.” 

