Image source: Adapted from “The Impact of Ransomware on Healthcare During COVID-19 and Beyond,” Ponemon Institute, September 2021
[Note: callout box added by Impact Advisors for emphasis]
Why It Matters:
There is far more information in the survey than we can cover here in this space, so we highly recommend reading the full report. The connection between a ransomware attack and adverse effects on patient care is obviously not surprising, but the scope of impact reported by hospitals and health systems speaks volumes. The fact that more than one in five respondents said they experienced an increase in mortality rate as a result of a ransomware attack should be a wake-up call for hospitals and health systems everywhere.
We think another alarming finding from the survey is the second chart above. A single hospital typically has thousands (in some cases even tens of thousands) of medical devices in their inventory, with potentially hundreds of different categories and subcategories of equipment – each with its own target refresh cycles, mix of vendors, and patient safety considerations. Many of those devices – particularly older ones – may not have been originally designed with information security in mind. With the number of network-enabled medical devices rapidly increasing, concerns about the “nightmare scenario” of a cybercriminal hacking into a device directly connected to a patient are at an all-time high. Despite those well-founded fears, the second chart above underscores that there are still basic foundational issues that need to be resolved at many provider organizations. Put bluntly, there is only so much risk that can be mitigated from an information security perspective if a hospital or health system doesn’t know the location or age of all the medical devices it owns.
Effective management of medical devices – whether responding to FDA recalls, accurately forecasting budget needs, or protecting against rapidly evolving cyber threats – requires a comprehensive, real-time enterprise device inventory that can fuel proactive, analytics-driven processes and provide an accurate depiction of overall risk.
Why Supply Chain Security Matters
Ransomware Protection Best Practices
This article was originally published in Impact Advisors’ digital newsletter: The Impact Advisor 4Q2021.