Cyberattacks on Hospitals Gaining Momentum, Requiring Triage from MSSPs
Cyberattacks on hospitals are approaching one in two organizations and three of four have experienced at least three hacking incidents, a new report said.
The report, The Insecurity of Connected Devices in HealthCare 2022, sponsored by Cynerio, a New York City-based healthcare Internet of Things (IoT) security provider, examines the impact of cyberattacks on healthcare facilities and more specifically, targeted forays against network-connected IoT and medical devices. The study includes survey results from some 500 leaders at healthcare systems in the U.S.
Hospitals Increasingly Vulnerable to Cyberattacks
The survey is important for managed security service providers (MSSPs) in that attacks on Internet-facing network devices are increasing throughout a number of industries. Many hospitals do not have the bandwidth or resources to protect their internet systems from cyberattacks and require the help of MSSPs. Cynerio offers a comprehensive set of managed options for MSSPs, according to the company’s website.
Here are some top-level trendlines from the study:
- Cyberattacks on healthcare facilities are frequent, recurring and adversely impact patient care.
- Perceived risk in IoT/ IoMT devices is high, but proactive security actions and accountability are not.
- Ransomware is a vicious, profitable cycle.
Chad Holmes, Cynerio’s security evangelist, discussed the intent of the fresh data:
“It’s clear that cyberattackers have increasingly focused their efforts on hospitals since 2020. What had been unclear was the frequency and resulting damage of their attacks. Ultimately, our aim for this data is to inform and expedite improved cybersecurity funding, training, and policy creation for all healthcare providers.”
Cyberattacks Adversely Affect Patient Care
Here are some specific findings from Cynerio’s report:
- 56% of respondents stated their organizations experienced one or more cyberattacks in the past 24 months involving IoMT/IoT devices. Among those, 58% averaged nine or more cyberattacks during that time.
- 45% of these respondents report adverse impacts on patient care, and 53% percent of those report adverse impacts resulting in increased mortality rates.
- 71% of respondents rated the security risks presented by IoT/IoMT devices as high or very high, while only 21% report a mature stage of proactive security actions.
- Of the 46% who performed well-known and accepted procedures such as scanning for devices, only 33% of these respondents keep an inventory of the devices that were discovered.
- 47% of those experiencing an attack resulted in a ransom being paid. 32% of the ransoms paid fell in the range of $250k – $500k.