Fifty percent of respondents in a recent survey of IT professionals at healthcare delivery organizations (HDOs) state that one or more ransomware attacks experienced by their organization resulted in a disruption to patient care. While the most prevalent impact identified was an increase in patients transferred or diverted to other facilities, more than one in five respondents indicate that ransomware attacks had an adverse impact on patient mortality rates, according to the survey conducted by Ponemon Institute and commissioned by Censinet.

The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking report was based on a survey of 579 IT and IT security professionals at HDOs and found that significantly more respondents this year (45%) indicate that ransomware attacks increased complications from medical procedures than in a previous report in which 36% said ransomware attacks had that effect. The earlier report, The Impact of Ransomware on Healthcare During COVID-19 and Beyond, published in September 2021 by Ponemon Institute and Censinet, was the first to demonstrate a qualitative correlation between ransomware and adverse impacts to patient care, including increased mortality rates.

The 2023 study also explored the importance of cyber programs and initiatives such as peer benchmarking and third-party vendor risk management for determining optimal investment levels and resource allocation required to reduce the risk of a ransomware attack and other cyber threats. The report found that:

  • Benchmarking is very valuable in demonstrating cybersecurity program effectiveness, including cybersecurity framework coverage and compliance.
  • Benchmarking is important to making the business case for hiring cyber staff and helps guide tool and technology purchasing for the cybersecurity program.
  • Benchmarking is important when establishing cybersecurity program goals and enables better, more data-driven decision making.
  • Benchmarking is helpful in responding to and recovering from ransomware attacks, according to a majority of respondents. 

More information on the 2023 report can be found here