Pandemic Plus Ransomware Is 'Perfect Storm' for Healthcare
Larry Ponemon of Ponemon Institute and Ed Gaudet of Censinet Discuss Patient Safety Study
Disturbing findings from a recent study examining the impact of ransomware attacks on patient care must serve as a wake-up call for the healthcare sector to intensify its preparedness to deal with such incidents, say Larry Ponemon of research firm Ponemon Institute and Ed Gaudet of security risk management firm Censinet. The two companies conducted and sponsored the research.
The study found that 22% of the respondents - who were all IT and security professionals at healthcare delivery organizations experiencing ransomware attacks - believe the incidents resulted in an increase in patient mortality.
In addition, 71% of the respondents reported that ransomware attacks resulted in longer lengths of stay for patients, 70% reported delays in procedures and tests, 65% reported an increase in patient transfers or facility diversions and 36% reported an increase in complications from medical procedures. (See: Patient Safety Concerns Grow Over Medical Gear Security.)
"These findings are very depressing, to be honest," Ponemon says in an interview with Information Security Media Group. "We were expecting we'd see significant findings in some of the answers, but 22% of respondents saying they had an increase in mortality rates - that is a scary finding."
A Wake-Up Call
The responses by survey participants were opinion-based and should not be interpreted as directly causal, Gaudet cautions in the same interview.
"However, the numbers are high, and even if they are directionally correct - and are only 1% - it's still a big number and a wake-up call for the industry," he says.
"This isn't a smoking gun, but may be a sign: 'Smoking gun this way.'"
The survey responses reflect how the pandemic played a role in the surge in ransomware attacks, Gaudet notes.
"Care is already being diverted based on the availability of beds at hospitals due to COVID and now you tack on ransomware attacks as well. It's the recipe for the perfect storm for cybersecurity and healthcare leaders," he says.
In the interview, Ponemon and Gaudet also discuss:
- Other findings from Ponemon's ransomware impact study;
- Recommendations based on the survey results;
- Recent ransomware attempts and attacks targeting the Ponemon Institute.
Ponemon is chairman and founder of the Ponemon Institute, a research firm. He has extensive insight into regulatory frameworks for managing privacy and data security, including financial services, healthcare, pharmaceutical, telecom and internet. Ponemon has also been a member of several federal and state privacy and security advisory committees.
Gaudet is CEO and founder of the consulting firm Censinet. With more than 30 years of software experience, he has spent the last 10 years helping healthcare providers modernize and automate their cyber risk and security infrastructure. He is a member of the Department of Health and Human Services' healthcare sector cybersecurity working group and various Health Sector Coordinating Council task groups, including for cybersecurity, supply chain risk management and emerging technology.