Great study released. Thought I would share it with y'all.
Click to access pfpt-us-tr-cyber-insecurity-healthcare-ponemon-report.pdf
Today in Health IT: cyber incidents in healthcare, the cost and impact on patient safety and care. My name is Bill Russell. I'm a former CIO for a 16-hospital system and creator of This Week Health, a set of channels dedicated to keeping health IT staff current and engaged. We want to thank our show sponsors who are investing in developing the next generation of health leaders: Gordian Dynamics, Quill Health, Tausight, Nuance, Canon Medical and Current Health. Check them out at thisweekhealth.com/today.
All right, we have a webinar on Thursday of this week, from one to two o'clock Eastern time, and it's on this topic. It's on this topic of cyber incidents in healthcare and the cost and impact on patient safety and care. I'd love to have you join us. Hit our website, thisweekhealth.com. Top right-hand corner, you can sign up, give us your questions ahead of time. We have a great panel to discuss this. And we are going to look at what's going on and how does this really impact the patient?
Today, we're going to look at a study which really kicked off this discussion and conversation, and is loaded with information. If you're doing presentations on cybersecurity, you're gonna want to grab this study, because it just has a ton of information. So the purpose of the research is to understand the cybersecurity threats targeting healthcare organizations and the cost of responding to attacks that can endanger patients' safety and care. So you have really three aspects, right? Understand the threats that are targeting healthcare, the cost of responding and how it's impacting patient safety. And just again, chock full of information. 89% of organizations in the research had at least one cyber attack over the last 12 months.
The report analyzes four types of cyber attacks and their impact on healthcare organizations, patient safety and patient care delivery. As we said, cloud compromise: 75% of respondents say their organizations are vulnerable to cloud compromise. In the past two years, 54% of respondents say their organizations experienced at least one cloud compromise. Organizations within this group experienced an average of 22 such compromises in the past two years. Ransomware: we obviously all know what ransomware is. 72% of respondents believe their organizations are vulnerable to a ransomware attack. Supply chain attacks: 71% of the respondents say their organizations are vulnerable to supply chain attacks. 50% of the respondents say their organizations experienced at least one attack against their supply chain in the past two. And then business email compromise, spoofing, phishing, et cetera.
These attacks encompass a wide range of impersonation tactics, such as spoofing, phishing. You get the picture. We all know what is going on there as well.
An important part of the research is exploring how cyber attacks affect patient safety and care delivery. 50% of respondents say their organizations had an attack against its supply chain. 70% of these respondents say it disrupted patient care. The consequences include delay in procedures and tests that resulted in poor outcomes, such as an increase in the severity of an illness. Another consequence was longer length of stay, 51%. 23% of respondents say there was an increase in mortality rate. So that's probably the worst outcome. Let's see. It's 67% of respondents say that the business email compromise attacks and/or ransomware attack against the organizations disrupted patient care. 21% of the respondents say those incidents, and 24% of respondents say ransomware increases the mortality rate. Ransomware attacks are more likely than the other types of attacks to hurt patient safety, as we know. And technologies such as cloud, mobile, big data and IoT increase the risk of patient information and safety, according to 67% of respondents. I'm not sure that, let me think about that. All right.
Obviously we had the cloud outage around Kronos. I'm not sure that impacted patient safety. I'm trying to think of what cloud, I mean, I guess as we're moving the EHR up to the cloud and some other things. We could open it. With cloud, I'm more worried about PHI and privacy violations than I am security risks right now, but that's not to say that you don't need to architect for it. I'm just saying, I'm not sure that's our biggest risk in this area. Other key takeaways from the report:
Insecure medical devices and mobile apps are considered among the top cybersecurity concerns in healthcare. That's interesting. I'm not sure I would agree with that. I think our biggest cybersecurity concerns in healthcare are ransomware attacks and phishing and whatnot. Now, I guess we've identified those. When they identify medical devices and mobile apps, what they're saying is these are areas that we have not invested in to cover. And again, I'm not sure why that's the case. There's many solutions out there for medical devices, Medigate, Ordr and other things out there for really monitoring those devices, knowing what you have, and then of course, being able to segment those devices off in the case of an issue. So I understand why it's on that list, but there are ways around it. Mobile apps, I have to think about that again as well. The biggest mobile app is going to be MyChart, or the portal, period, is going to be the biggest app that a healthcare system is using. And I guess there are a myriad of others, but at the end of the day, I'm not sure I would put those in the biggest attack vector to healthcare. Organizations use a combination of approaches to user access identity management in the cloud.
And I think that whole idea of identity management is probably one of the things that we need to get our arms around. We have identity is the new perimeter, and do we have the right identity strategies? Clearly we're doing dual-factor authentication and those kinds of things, but do we really have identity from one end to the other? And how are we making that identity part of our security perimeter, if you will?
The lack of preparedness puts healthcare organizations and patients at risk. We do tabletop exercises. Hopefully you're doing tabletop exercises. If you're not, that needs to start right away.
But then there's some other strategies and tactics that we need to start thinking about, like taking first shift outages. It's interesting how many of these tests and whatnot we do on the second and third shifts. And they're really good at outages. In fact, they know how to operate on paper and they function really well. And the first shift never has to function on paper, because that's where the majority of our revenue's coming in, and the patients are coming in and all those things. So we make sure that the systems function during that time. Plus the majority of our staff is there to make sure it doesn't go down. So, preparedness, understanding the fact that a lot of your clinicians haven't operated on paper. It was interesting talking to a health system that went through a ransomware attack, and their physicians have been trained on paper. Think about that, they're young enough that they've never really had to operate on paper. And they're like, okay, thanks for this piece of paper. What am I supposed to write on it? And how's this information going to get into the medical record when we're done and all that stuff? So there's some training that needs to go into that.
Lack of in-house expertise, staffing and collaboration with other functions are challenging to having an effective cybersecurity posture. Lack of in-house expertise, staffing and collaboration. I guess we're talking about the fact that we're understaffed. Ensuring security without diminishing user productivity is considered essential to organization cybersecurity strategy. So we want to have security, but we want it to be as unintrusive as possible on the end user and their productivity. That is an admirable goal, but should not limit us in terms of what we actually do. Training and awareness programs and monitoring employees are top two steps taken to reduce the insider risk. That insider risk to me is one of the scarier things that's going
And let's see, what's the last finding, or not last finding, takeaways. As part of the cybersecurity strategy, 60% of respondents say their organizations use threat intelligence. That's awesome. So there's a whole bunch of just great charts in here. And top six cybersecurity threats of greatest concern.
51% of respondents say their organizations had an average of three ransomware attacks in the past two years. 50% of respondents say their organizations had an attack against their supply chain. Frequency of attacks in the past two years. Great chart. Let's see, cyber attacks have disrupted care, increasing the risks to patients. Did these cyber attacks disrupt patient care? And they have the types of attacks, then they have the types of impact on patients, and that's the topic of my poll for Monday. So if you get a chance to go out to LinkedIn and see our Monday poll, it really is around the impact on patients, and they have a bunch of them here: delays in procedures and tests
result in poor outcomes, longer length of stay, increase in patients transferred or delivered to other facilities, increase in complications from medical procedures, increase in mortality rate, so forth and so on. So a lot of great information in this. Love to have you guys join us for the webinar. It's going to be really fun. I don't know if fun's the right word, but we're going to make it a fun conversation around this topic, but if it's not fun, it'll definitely be informative. And that's what we're going to strive to do, is get that conversation started so that you can take that information back into your health system and hopefully move things forward.
All right. That's all for today. If you know of someone that might benefit from our channel, please forward them a note. They can subscribe on our website, thisweekhealth.com, or wherever you listen to podcasts: Apple, Google, Overcast, Spotify, Stitcher. You get the picture. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders: Gordian Dynamics, Quill Health, Tausight, Nuance, Canon Medical and Current Health. Check them out at thisweekhealth.com/today. Thanks for listening. That's all for now.