Skip to main content
Sister Publication Links
  • ESG: THE IMPLEMENTATION IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Digital Health
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Unwell in America
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Cybersecurity
September 22, 2021 06:00 AM

Cyberattacks can extend length of stay, delay procedures, survey says

Jessica Kim Cohen
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    cybersecurity-data-hacking-1_i.png

    Ransomware attacks have the potential to increase patients' length of stay and delay care, according to a new poll of information technology and security professionals at healthcare organizations.

    There hasn't been much research to date that's quantified the link between cyberattacks and patient safety, despite recognition that it's a problem. Beyond cutting off access to medical data, cyberattacks like ransomware can pose issues if hospitals are forced to delay or divert patient care—leading the American Hospital Association to call it a "threat-to-life crime."

    Slightly more than half—56%—of IT and security professionals said cyberattacks have affected patient care at their organization, according to a survey Ponemon Institute published Wednesday.

    Ponemon Institute, a research group that conducted the survey, polled nearly 600 IT and security professionals from integrated delivery networks, regional health systems and other healthcare organizations. The survey was commissioned by Censinet, a healthcare cybersecurity company focused on third-party risk management.

    "The impact to patient care is grave, and it's getting worse," said Aaron Miri, senior vice president and chief digital and information officer at Jacksonville, Florida-based Baptist Health and a member of Censinet's advisory board.

    Miri highlighted the potential for medical devices, which are increasingly connected to the internet or to internal hospital networks, to be hacked or get disrupted during the course of a ransomware attack, which could be dangerous for patients.

    Seventy percent of survey respondents who said cyberattacks have affected patient care said such attacks resulted in longer lengths of stay.

    Cyberattacks have resulted in delays in procedures and tests (69%), patients being diverted or transferred to other facilities (63%), an increase in complications from medical procedures (37%) and an increase in mortality rate (23%), according to the survey. Respondents were allowed to select more than one answer.

    "Cybersecurity is, and should be, considered as a patient safety issue," said Juuso Leinonen, principal project engineer in ECRI's device evaluation group. ECRI named cybersecurity threats the top technology hazard for patient safety in 2018. "This is primarily through disruption to care delivery or delayed patient care."

    A ransomware attack that brings down a hospital's network, for example, disrupts care by cutting off access to data from various information systems and forcing clinicians onto paper records.

    Scripps Health in May experienced a massive ransomware attack that led the San Diego health system to take a portion of its network offline, disrupting access to the electronic health record system and other applications for roughly a month. It also caused confusion for some patients, who weren't sure whether scheduled procedures and visits would be postponed.

    Ransomware—a type of malware that encrypts a victim's computer files and only releases them in exchange for payment—has become a growing area of concern across multiple industries, including healthcare.

    In the wake of the attack at Scripps, the Federal Bureau of Investigation issued an alert warning that ransomware attacks against healthcare organizations "can delay access to vital information, potentially affecting care and treatment of patients including cancellation of procedures, rerouting to unaffected facilities, and compromise of protected health information."

    It's particularly challenging for hospitals to continue treating patients if their EHR is taken down in a ransomware attack, as clinicians must move to downtime procedures and paper records. That not only can take longer and cut off access to medical histories and allergies, but also just require a change in process clinicians aren't used to.

    "When the systems are down, we can still take care of patients," said John Delano, vice president of ministry and support services at Irving, Texas-based Christus Health and healthcare security strategist at cybersecurity consulting firm Critical Insight—but it brings challenges. Many EHRs also have features that flag things like drug interactions, which won't be available during system downtime.

    That's why it's important to have an incident response plan that workers have prepared for and are familiar with, Delano said.

    "Healthcare organizations have to remain vigilant," he said. "It's not going to slow down."

    In November of last year, Vermont's National Guard was called in to help the University of Vermont Health Network respond to an attack that had disrupted services. And a year ago in September 2020, Universal Health Services disclosed what appeared to be one of the largest reported healthcare cyberattacks.

    Forty-three percent of respondents in Ponemon Institute's survey said their organization had experienced at least one ransomware attack in the past two years. One-third of those respondents said their organization had experienced multiple ransomware attacks, according to the survey.

    Hackers varied in how much they demanded for a ransom payment.

    One-quarter of respondents said hackers demanded less than $10,000 to decrypt their files, followed by 21% who said they demanded between $10,000 and $25,000, according to the survey. At the most expensive end, 2% of respondents said hackers had demanded a ransom of between $5 million and $10 million.

    The Biden administration and Congress have homed in on addressing an increased level ransomware attacks, as cybercriminals recently have targeted hospitals, government agencies and schools.

    Some cybersecurity experts have called on the federal government to provide more coordinated support to healthcare organizations dealing with ransomware attacks, including support from the FBI, Homeland Security Department and Health and Human Services Department.

    Miri recommended the Food and Drug Administration develop a cybersecurity framework that medical device manufacturers are held to. He also suggested the federal government provide safe harbors for healthcare organizations reporting cybersecurity problems with devices or vendors.

    Healthcare organizations "need to know that (they) can talk about these things," Miri said. "That's the only way that we can get better."

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    cybersecurity
    Health insurance data breach exposes Congressional members' personal info
    cybersecurity-data-hacking_2_i.png
    Following alleged cyberattack, Tallahassee Memorial resumes some services
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Digital Health
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Unwell in America
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing