Skip to main content
Sister Publication Links
  • ESG: THE IMPLEMENTATION IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Digital Health
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Unwell in America
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Cybersecurity
August 09, 2022 12:38 PM

Cybersecurity attacks cost healthcare systems more than any other sector, new report finds

Crain's New York Business
Jacqueline Neber
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    mh20171218_ransomware_WEB_i_i_i.jpg
    Getty Images

    Ransomware attacks occur when hackers demand healthcare systems pay ransoms to get access to medical devices and other technology back.

    A data breach within a healthcare system could cost in excess of $10 million—more than in any other sector—according to a new report.

    The cost is on the rise, up about $1 million from last year. The uptick is partially due to increasingly integrated technology systems.

    The report, released by IBM at the end of last month, collected national data from more than 550 organizations across industries from March 2021 to March 2022, analyzing how cybersecurity attacks impact organizations. Breaches within the healthcare sector have cost companies $10.1 million per breach, a nearly 10% increase from last year and a 42% increase from 2020. The average cost of a critical infrastructure data breach globally in any industry was just under $4.5 million.

    Financial organizations experience the second-most-expensive breaches, at nearly $6 million per breach, IBM reports.

    Cyberattacks can happen in many different ways, said Limor Kessem, a principal consultant in cyber crisis management for IBM’s Security X-Force. Destructive attacks and ransomware attacks—wherein hackers disrupt a hospital’s technologies, for example, and ask the hospital to pay a ransom in order to get access back—are disruptive as well as costly.

    “Attacks that take place in real time cause direct losses to hospitals, which have to reroute patients, deny care, lose access to electronic health records and see the risk to human lives rise as a result of the attack,” Kessem told Crain’s. “That’s on top of staff distress and having to revert to manual procedures and paperwork.”

    Related Articles
    Healthcare data breaches
    HHS requests info on cybersecurity practices at health organizations
    From cybersecurity to wifi, here are the top 10 tech threats for 2022

    The stakes are particularly high for New York hospitals. According to industry standards, on average every bed in a hospital uses 15 devices that are often interconnected, including monitors and IV pumps, according to Chad Holmes, a product specialist at Cynerio, a cybersecurity company on the Upper West Side. A 1,000-bed hospital could have 15,000 devices that could all be impacted by an attack, he said.

    “If a city like New York lost access, that would be really bad for ERs and could have a really bad cascading effect,” Holmes said. If patients had to be diverted from a city health system location but all sites were impacted by a breach, it could have a domino effect, he said.

    Healthcare organizations are more vulnerable to cybersecurity attacks than other systems are because hackers know they are impacted more when technologies aren’t working, Kessem said. Such downtime costs organizations financially, but it also can cost lives if medical systems are disrupted.

    The complexity of the technology infrastructure healthcare systems tend to use also makes them more vulnerable to attacks, Kessem said, and many organizations run outdated programs on devices they use every day, exacerbating the issue.

    According to IBM’s report, highly regulated environments such as healthcare systems wind up paying for data breaches for longer compared with less-regulated industries. Typically a healthcare organization can take more than 10 months to recover from a data breach.

    Download Modern Healthcare’s app to stay informed when industry news breaks.

    Cynerio released a report last week that shows hospitals typically have to pay $250,000 to $500,000 to recover access to their technology after a ransomware attack, and there is no real way to recoup those costs, Holmes said. The firm asked 517 hospital leaders about the frequency of attacks; leaders reported that once their system was hit, they got hit many more times afterward. Overall, 11% of the time, healthcare systems were attacked 25 or more times.

    Almost a quarter of cyberattacks Cynerio studied led to increased patient mortality, Holmes said, because attacks disrupted lifesaving medical treatment.

    Sher Baig, who works in global cyber commercialization at GE Healthcare, said big hospitals can see losses of up to $50 million in a single quarter because of cyberattacks. The losses are so large they could force hospitals out of business, Baig said, punctuating the need for hospital leaders to have a defense plan in place.

    “I highly recommend having an incident response plan, a team in place to carry out the response, and drilling that plan to improve over time,” Kessem said. “A special playbook for ransomware cases can not only save costs for the hospital—about 58% of the breach’s cost—but it can also save lives.”

    IBM has released annual reports on the cost of data breaches for nearly two decades.

    This story first appeared in our sister publication, Crain's New York Business.

    Related Articles
    OneTouchPoint reports data breach involving 38 providers, insurers
    700K patients involved in Arizona hospital cybersecurity incident
    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    cybersecurity
    Health insurance data breach exposes Congressional members' personal info
    cybersecurity-data-hacking_2_i.png
    Following alleged cyberattack, Tallahassee Memorial resumes some services
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Digital Health
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Unwell in America
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing