Dive Brief:
- U.S. hospitals and healthcare systems have been under such relentless cyberattacks in recent months that it is beginning to be a threat to their bottom lines, according to a new report from Fitch Ratings.
- Fitch says the issue has become increasingly serious over the past 18 months, citing data from the firm Bitglass concluding that cyberattacks among healthcare facilities rose 55% last year. Moreover, the rising cyberattacks also resulted in a 16% increase in the average cost of recovering a patient record in 2020 versus 2019.
- "Attacks may also hinder revenue generation and the ability to recover costs in a timely manner, particularly if they affect a hospital's ability to bill patients when financial records are compromised or systems become locked," the report said, adding that patient care may also begin to be impacted.
Dive Insight:
It’s a challenging time for cyberattacks and ransomware hacks for healthcare organizations: More than a third said they were the victim of such an attack last year, and nearly two-thirds said the attacks resulted in being locked out of their own data.
Fitch noted in its report that hospitals and other healthcare providers are desired targets of cybercriminals. "Hospital and health system databases are a treasure trove of critical and sensitive patient data, which are highly sought after by cyber criminals for ransomware and double extortion schemes," it said.
The COVID-19 pandemic not only ratcheted up the volume of such attacks, but also opportunities for bad actors.
"Remote work for non-essential staff opened up opportunities for infiltration, as did the sector's increased use of integrated technology, such as smart medical monitoring devices, telehealth and other virtual care capabilities," the report said. "Software for such devices and heavy medical equipment such as CT scanners and MRI machines are often proprietary and designed with patient care and not necessarily cyber risk in mind."
Although the phenomenon has been studied in terms of the raw increase in the number of attacks, the Fitch report sends out a bigger warning: It could start costing hospitals not only big financial losses in the coming years — particularly as they grow in breadth and sophistication — but clinical losses as well.
"The recovery time and costs associated with breaches of critical data not only pose significant financial burdens but also hamper the ability of healthcare institutions to provide care, which could ultimately have human costs," Fitch said.