.

More than 20% of healthcare organizations changed senior leadership after cyberattack: survey

Cyberattacks on the healthcare sector more frequently result in financial damage and lawsuits compared with all industries, according to a report from cybersecurity firm Netwrix.

Article By: Emily Olsen

Blog Source From : https://www.healthcaredive.com/

Dive Brief:

  • More than 80% of healthcare organizations detected a cyberattack on their technology infrastructure within the past year, according to a survey by cybersecurity firm Netwrix. 
  • The attacks more often end in financial losses for the sector. Nearly 70% of healthcare companies reported a cyberattack resulted in financial damage, compared with 60% in other industries.
  • Healthcare organizations faced other consequences after cyberattacks as well. One in five said they experienced a change in senior leadership after an attack, while 19% reported lawsuits. 

Dive Insight:

Cyberattacks on healthcare organizations can have serious consequences for care delivery, delaying services or forcing hospitals to send emergency cases to nearby facilities. But healthcare data is extremely valuable to cybercriminals, making the sector a prime target for hackers, experts say.

Meanwhile, the industry is also highly regulated, leading to more penalties for noncompliance and potential lawsuits from people affected by a cyberattack, Ilia Sotnikov, Security Strategist at Netwrix, said in a statement. 

Additionally, healthcare organizations might feel increased pressure to make executive changes in the wake of an attack to demonstrate their commitment to improving security, he added. Protected health data beaches often contain sensitive details that attract media and public attention.

Healthcare faces more legal, leadership challenges after cyberattacks

Percent of respondents reporting a cyberattack consequence in healthcare and all industries

Phishing, a scam where criminals attempt to trick users into installing malware or revealing information like log-in details, is the most common type of cyberattack targeting healthcare technology systems stored on premises, similar to other industries, according to the report.

Meanwhile, nearly three quarters of attacks on healthcare organizations’ cloud infrastructure were caused by compromised user or administrator accounts.

“Healthcare workers regularly communicate with many people they do not know — patients, laboratory assistants, external auditors and more — so properly vetting every message is a huge burden,” Dirk Schrader, vice president of security research at Netwrix, said in a statement. “Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients.”

The industry is coming off a challenging year for healthcare security. The massive cyberattack against UnitedHealth-owned claims professor and technology firm Change Healthcare exposed the data of 100 million people and cost its parent company $3.1 billion.

Another large attack against nonprofit health system Ascension compromised information from 5.6 million people, contributing to a $1.1 billion net loss during its 2024 fiscal year. 

Leave a Reply

Your email address will not be published. Required fields are marked *