Ponemon Institute: 67 Percent of Healthcare Organizations Hit By Ransomware

Sept. 29, 2021
The Ponemon Institute, sponsored by Censinet, recently released a report about the impact of cyberattacks, particularly ransomware attacks, on the healthcare industry during the COVID-19 pandemic.

The Traverse City, Mich.-based Ponemon Institute, an independent research firm, recently released a report entitled “The Impact of Ransomware on Healthcare During COVID-19 and Beyond.” The report is sponsored by the Boston, Mass.-based Censinet.

Censinet, a third-party risk management platform for healthcare providers, commissioned the report because of a large rise in the number of patient care organizations, which the report refers to as health delivery organizations (HDOs), contacting the company after ransomware attacks or other cybersecurity incidents, and because of the attacks’ relationship to the COVID-19 pandemic. Additionally, Censinet noticed that much of the coverage of healthcare cybersecurity issues was not focused on patient care, and the company was looking for additional parallels to the increase in third parties that are an essential part of the care process.

Significantly, fully 67 percent of patient care organizations have now been victims of ransomware attacks, with 33 percent having already been hit at least twice.

According to the report, “The Ponemon Institute surveyed 597 HDOs for this report, including integrated delivery networks, regional health systems, community hospitals, and more. The Ponemon Institute conducted the research, analyzed the results, and produced the report. Ponemon is one of the top independent research firms for the healthcare industry. It was 100% independent. Censinet had no role in the research and did not have access to or know any of the participants.”

Further, “The purpose of this research is to understand how COVID-19 has impacted how healthcare delivery organizations protect patient care and patient information from increasing virulent cyberattacks, especially ransomware. Prior to COVID-19, 55 percent of respondents say they were not confident they could mitigate the risks of ransomware. In the age of COVID-19, 61 percent of respondents are not confident or have no confidence.”

Key findings from the report include:

  • When asked about what impacts ransomware had on patient care, 71 percent of respondents reported a longer length of stay and 22 percent reported an increase in mortality rate
  • When asked about the biggest concerns about ransomware resulting from their organization’s third-party risk management program (three responses could be selected), 54 percent said patient safety, 53 percent said care disruption, and 45 percent said ransomware
    • When asked what actions respondents were taking to ease their concerns (more than one response was permitted), 50 percent said outsourcing part or all of the functions to a managed service provider, 46 percent said allocating more budget toward risk management, and 44 percent said they were looking for automated solutions to improve efficiency
  • When asked about the biggest barriers to achieving their organization’s vendor risk management objectives (three responses were allowed), 47 percent said complexity of technologies that support vendor risk management, 44 percent said difficulty hiring personnel with the right skills, and 43 percent said lack of cooperation and collaboration among various departments
  • When asked what types of cyberattacks had increased since COVID-19 (more than one response was permitted), 60 percent of those surveyed said credential theft, 55 percent said compromised/stolen devices, and 43 percent said account takeover

The report has several recommendations for mitigating ransomware and third-party risks. “Ensure critical steps for identifying and mitigating third-party risks are in place,” the report states. “Sixty percent of organizations represented in this research had a data breach in the past two years, resulting in an average of 28,505 records containing sensitive and confidential information compromised. According to the research, organizations can only partially evaluate the various threats targeting their assets and IT vulnerabilities. They also lack the capability to continuously monitor vendor risks.”

The full report can be found here.
