According to the HIPAA Journal, there is some good news: cyber crimes in the healthcare industry went down. A 5.71% reduction in reported breaches occurred from January to July 2022.
This means that some cyber strategies are working, but we must remain vigilant to deter ransomware groups. It’s important to note that the 10 biggest health data breaches reported to the federal government in the first six months of the year affected at least 500,000 people.
Below are some of the consequences data breaches have on the healthcare industry.
Risks to Patients
It’s often overlooked but cyberattacks pose serious risks to patients. What happens when a hospital goes offline after an incident?
Ambulances get diverted which can put patients at risk.
Important procedures like surgery, imagery and diagnostic services get delayed.
Patient care goes manual while systems are down, and patient records may be temporarily inaccessible.
Other hospitals in the area see an influx of patients, stretching their capacity.
Most ransomware gangs target hospitals, health systems, physician practices, and insurers looking for
Protected Health Information (PHI). This data is stored in many different locations, not just in electronic medical record systems. Sensitive patient information is included in documents, spreadsheets, billing systems, email accounts, and many other locations. The most common entry point for breached data is network servers. Healthcare organizations need to find better ways to secure PHI. In 2021, 45 million individuals were affected by healthcare cyberattacks. (Source: Fierce Healthcare)
High Price Tag
Although cyber attacks in healthcare are down, it costs more for organizations to recover. According to a recent IBM report, the average healthcare breach costs $10 million, which is up 9.4% from the same timeframe in 2021. IBM asserts that the healthcare industry endured the highest breach-related financial damages during the last 12 years compared to other sectors. Covering cyberattack expenses are one of the factors related to soaring healthcare costs.
What Can Be Done
At the end of the day, it’s about building cyber resilience that feeds into your DR plan. A strong recovery component should be the cornerstone of your program. Look to Recovery Point for recovery solutions and work with us on:
Cybersecurity risk mitigation with our proven security framework
Cyberattack recovery solutions (Tier 1/2+, air-gap, award-winning Business Process Resilience)
We help clients fight ransomware attacks with our 3-2-1-1-0 backup strategy:
- 3 copies of data
- 2 different media types
- 1 offsite copy
- 1 air-gapped copy
- 0 errors with Recovery Point’s managed BPR solution
Contact Recovery Point to learn more about your recovery options.
For more information, read this recent article from the DR Journal on Ransomware Doesn’t Have to Spell Disaster: Preparedness in Five Steps.