Dive Brief:
- More than one in four ransomware attacks in healthcare impact patient care, according to a new survey out this week from advisory firm Software Advice.
- About half of healthcare organizations that experienced a ransomware attack said the breach impacted patient data — and 34% said they failed to recover the data after the attack.
- Cyberattacks can result in pricey downtime and delay critical procedures, the report said, but only 63% of companies report having a cybersecurity response plan in place.
Dive Insight:
Cyberattacks and data breaches in healthcare are on the rise.
Over 30% of healthcare organizations experienced a cyberattack in the last three years, according to the survey. Over the past five years, there has been a 256% increase in large breaches reported to the HHS Office for Civil Rights involving hacking.
Healthcare holds an outsized amount of sensitive data compared to other industries — the vast majority of which is digital, according to the survey. However, some healthcare operators have failed to adequately encrypt such data at rest or in transit, making the industry a lucrative target for hackers.
The increase in breaches, in addition to several recent high-profile attacks, has garnered attention from federal regulators and lawmakers. This year, the HHS released voluntary cybersecurity goals for the sector and is looking to propose enforceable standards.
Experts told Healthcare Dive last month that health systems need to do more to prepare for potential cyberattacks, like conducting risk analyses. Thirty-seven percent of healthcare organizations did not have a cyberattack contingency plan in place, according to the survey, despite half of organizations having experienced an attack.
The Software Advice report, which surveyed almost 300 respondents working at healthcare organizations in March, also found that 55% of medical practices allowed employees more access to data than necessary.
“Human error results in nearly the same amount of data breaches as targeted, malicious attacks against data security,” the report said.