Cyberattacks remain a critical threat to healthcare, with consequences extending beyond data loss to operational disruption and patient harm. A survey conducted in 2023 among 653 IT and security professionals across healthcare organisations revealed that 88% had experienced at least one cyberattack in the previous year, with an average of 40 incidents. The most costly attack per organisation reached an average of $4,991,500 (€4.32 million). Two years later, the findings remain highly relevant: downtime, data breaches and supply chain vulnerabilities continue to undermine care delivery. Persistent gaps in skills, staffing and funding limit the sector’s ability to respond effectively, while cloud and email environments remain the most common points of exposure.
Escalating Costs and Attack Trends
The 2023 survey highlighted a steep rise in financial impact from cyber incidents, particularly due to system downtime and operational disruption. Interruptions to healthcare operations averaged $1.3 million (€1.13 million), while user downtime and lost productivity each cost about $1.1 million (€952,000). The expenditure required to restore patient care safety increased to $1,048,215 (€907,000), compared with $664,350 (€575,000) previously. Combined, these elements contributed to the $4,991,500 (€4.32 million) average total cost of the single most expensive event reported, encompassing direct labour, overhead and lost business opportunities.
Attack frequency and form were also shifting. Cloud compromise was the most frequent event, averaging 21 incidents over two years among affected organisations. Business email compromise (BEC) and spoofing phishing each rose to an average of five incidents. Ransomware and supply chain attacks averaged four each. Although fewer organisations paid ransoms, the average payment increased to $995,450 (€862,000).
Respondents ranked cloud compromise and BEC above insecure medical devices and ransomware as their top concerns. Worry over employee-owned devices also rose markedly. However, the deployment of defensive technologies did not progress evenly. Use of cloud access security broker (CASB) tools and encryption declined even as adoption of premium cloud security services increased.
Impact on Patient Care
The connection between cyber incidents and clinical disruption was clear. Among organisations affected by supply chain attacks, 77% reported impact on patient care. Delays in procedures and tests leading to poor outcomes, greater illness severity and longer hospital stays were the most cited consequences. Twenty-one percent of these organisations reported an increase in mortality rate.
The same trend appeared in BEC incidents. Of those affected, 69% reported disruption to patient care. The most common outcomes were delays in tests and procedures, followed by increased complications and longer lengths of stay. Ransomware attacks produced similar results, with 68% of organisations reporting adverse effects on care delivery, including extended hospitalisations and delayed interventions.
Cloud compromise was less likely to disrupt clinical operations but still presented significant risks. Forty-nine percent of affected organisations reported an impact on patient care, with nearly one-third citing increased complications from medical procedures and almost three in ten reporting higher mortality. These patterns underline the systemic vulnerability of healthcare systems, where any interruption—digital or operational—can quickly escalate into a patient safety issue.
Cloud Vulnerabilities and Data Protection Gaps
Cloud-based tools for collaboration and communication were repeatedly identified as the most attacked environments. Project management and videoconferencing platforms were each cited by 53% of respondents, along with file-sharing and email systems. While many organisations adopted premium cloud security services, the use of CASB, encryption, tokenisation and other cryptographic controls declined. Identity management approaches remained fragmented, often combining separate on-premises and cloud systems, with fewer organisations employing single sign-on than before.
Data loss and exfiltration incidents were widespread. Every organisation reported at least one incident involving sensitive or confidential healthcare data in the previous two years, averaging 19 in total. Malicious insiders were the leading cause, followed by accidental loss and policy violations. Forty-three percent reported that data loss or exfiltration affected patient care, with 46% citing increased mortality and 38% reporting more complications. Yet only 35% considered their data loss prevention measures highly effective against employee-related incidents, and 39% felt the same regarding malicious insiders.
Preparedness remained uneven across threat categories. While most organisations documented prevention and response measures for ransomware and cloud compromise, only 45% did so for BEC and supply chain incidents. Barriers to stronger protection included lack of in-house expertise (58%), insufficient staffing (50%) and limited budgets (47%). Security awareness programmes and monitoring efforts were expanding, alongside multi-factor authentication and identity management, but implementation still lagged behind the scale and complexity of attacks.
Two years after the survey, healthcare organisations continue to face the same underlying vulnerabilities identified in 2023. The costs of cyberattacks remain high, with operational disruption and downtime producing the most severe financial damage, while clinical repercussions persist through delayed procedures, extended hospital stays, complications and increased mortality. Widespread data loss and insider threats add further complexity as reliance on cloud-based collaboration grows. Despite improvements in awareness and identity management, prevention and response strategies for BEC and supply chain attacks remain incomplete. As healthcare systems move deeper into digital transformation, addressing skill shortages, strengthening controls and aligning defences with evolving threat patterns are essential steps toward safeguarding both operational continuity and patient safety.
Source: Ponemon Institute