The costs associated with cyber risk mitigation are more expensive for not-for-profit hospitals, according to an Aug. 29 report from Fitch Ratings.
Cyberattacks can affect the quality of care by affecting medical devices or denying access to patient data. According to a September 2021 survey and report from the Ponemon Institute and Censient, ransomware attacks resulted in delays and increased lengths of stay in most cases, and medical complications and higher mortality rates in rarer cases.
Across the healthcare sector, spending on cyber risk mitigation is likely insufficient, according to the report from Fitch Ratings.
Cyberattacks are increasing in severity, according to the HHS. In 2021 the healthcare sector reported 713 breaches that cost more than $6.5 billion and affected about 46 million individuals, compared to 642 breaches affecting about 29 million people in 2020.
Cyber risk mitigation is becoming more expensive due to increased attacks. Hospitals are a major target of ransomware attacks because of the critical services they provide and the sensitive nature of patient information they hold. According to a survey by cybersecurity firm Sophos, 66 percent of healthcare organizations were victims of ransomware attacks in 2021, up 34 percent from the previous year.
The healthcare sector has the highest average cost of a data breach of all U.S. economic sectors at $9.2 million, a 30 percent increase over the prior year. According to the report, hospitals and healthcare systems should prioritize investments in their hardware, software, and internal controls to prevent and prepare for cyber breaches.
The May 2021 Government Accountability Office Cyber Insurance Study found the cost of cyber insurance premiums rose for all sectors by 10 percent to 30 percent in 2020 compared with the previous year.
Not-for-profit hospitals experience ongoing cost pressures and report thinner margins, which requires them to contain costs and increase revenues, indicating that cybersecurity spending may not be prioritized.