Cynerio Data Confirms: Attacked Hospitals Usually Get Victimized Again
Cynerio launched in 2017 based on a combination of cybersecurity knowledge, awareness of the rapidly growing IoMT field, and the likelihood that far more vulnerabilities existed in those devices than were widely known. Two years later our worst fears were realized when cybercriminals targeted over-stressed hospitals in the middle of the Coronavirus pandemic due to their lagging cybersecurity infrastructure and willingness to pay ransoms.
As the pandemic wore on, the number of attacks increased. Thankfully, so did research into why, how and with what methods hospitals were being attacked. In September 2021 Ponemon conducted the first in-depth study of these attacks in The Impact of Ransomware on Healthcare During COVID-19 and Beyond report. Among the insight provided was the role that connected devices played in ransomware attacks - identified as a far higher than expected root cause of attacks 21% of the time.
As time passed the attacks became more frequent. The United States healthcare system alone faces an annual burden of nearly $21 billion due to the attacks, pays well over $100 million in ransoms and is beginning to acknowledge the tragic reality of directly attributable higher mortality rates. For every headline related to cyberattacks on Scripps or UVM there are likely hundreds more that go unreported.
In January 2022 Cynerio released a research report that further documented the widespread numbers and types of risks connected medical devices face. In May 2022, CISA Senior Advisor Joshua Corman further documented the rising risks during a Senate HELP Committee hearing. And now in August 2022, Cynerio has teamed with Ponemon Institute to dive even deeper into the impact of insecure medical devices on hospitals and patients in our Insecurity of Connected Devices in Healthcare 2022.
Throughout this report you will find numbers that are difficult to absorb. 43% of respondents experienced at least one ransomware attack. 88% of cyberattacks involve an IoMT device. The average data breach cost is well over $1 million. Tragically, 24% of attacks result in increased mortality rates. It will be easy to ask “why aren’t the hospitals doing more to protect patients?”, but first consider the current landscape of most hospitals - battling an epidemic with exhausted staff, strained resources, limited cybersecurity expertise and massive bullseyes making them easy targets.
Instead, ask what can be done by everyone else the hospitals rely on - the technologists, politicians, regulators and reporters who write the narrative that the broader population relies on. The solutions lie not in harder work or more dedicated healthcare professionals. They lie in better funding, improved guidance, better best practices and a consolidated effort to fight the cybercriminals that are driven by revenue but leave far more morbid results.