The Growing Toll of a Cyberattack

October 14, 2024

An overwhelming majority of health care organizations reported at least one cyberattack during the past 12 months, according to new survey.

The survey, released last week from Proofpoint, Inc. and the Ponemon Institute, found that 92 percent of reporting health care organizations had experienced one cyberattack during the past month. That’s up from 88 percent during 2023.  Nearly 70 percent reported disruption of care due to these attacks.

The report included perspectives from nearly 650 information technology and security practitioners for U.S. health care organizations.

“The good news, however, is the health care industry seems to increasingly recognize the importance cybersecurity plays in patient outcomes,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.

Among the key insights:

• About ransom:  Fewer organizations paid the ransom during 2024 (36%) compared to 2023 (40%). The average amount paid in ransom increased 10 percent to $1,099,200.
• Top threats:  Mobile health apps are a top cybersecurity concern among respondents (59%), followed by cloud/account compromise (55%).
  • Text messaging was the most-attacked collaboration tool (61%). Email was second (59%).
• Growing trend:  About 54 percent of respondents indicated their organizations have embedded artificial intelligence in cybersecurity (28%) or in both cybersecurity and patient care (26%).
• Area of concern:  About 68 percent of respondents said their organizations had an attack against their supply chains.
• Quotable:  “An effective cybersecurity approach centered around stopping human-targeted attacks is crucial for health care institutions, not just to protect confidential patient data but also to maintain the highest quality of medical care,” said Ryan Witt, chair, Healthcare Customer Advisory Board, Proofpoint.

Additional information about the report is available online.