Healthcare ransomware attacks are causing patient deaths, according to a new survey of 579 cybersecurity professionals.
Here are seven things to know from the Jan. 18 study from the Ponemon Institute research group and cybersecurity firm Censinet, which surveyed IT experts from hospitals, health systems, physician groups and payers:
1. More than 1 in 5 respondents said ransomware attacks had an adverse impact on patient mortality rates.
2. Forty-five percent of those surveyed said ransomware events increased complications from medical procedures, up from 36 percent in a similar study from 2021.
3. About half (47 percent) said they experienced a ransomware attack in the past two years, an increase from 43 percent in 2021. Of those, 46 percent said it was caused by a third party, compared to 36 percent in 2021.
4. Sixty-seven percent of organizations pay ransom after an attack, with an average payment of $352,541.
5. Fifty-three percent said the attacks resulted in interruption to patient care, with patients having to be transferred or diverted to other facilities in 70 percent of cases.
6. The average duration of disruptions is 35 days.
7. Sixty percent of respondents said their organization has a business continuity plan in place, including a planned system outage, while a third of respondents said their organization is spending more money to plan for ransomware events, both increases from 2021.