Understanding a growing threat: The importance of cybersecurity in healthcare

Healthcare providers and facilities of every size are increasingly being targeted by cybercriminals and falling victim to ransomware attacks, data breaches, and a host of other potentially crippling cybersecurity incidents. In May 2023, 44-bed Mountain View Hospital and 88-bed Idaho Falls Community Hospital (IFC) and their affiliated clinics—which are in rural areas and share the same campus—were victims of a cybersecurity attack that resulted in the facilities having to take their IT system offline, resorting to using paper records, closing some clinics, and diverting ambulances from IFC’s emergency room.[1] It took over two weeks for the hospitals to resume accepting ambulances, and still longer for the hospitals and clinics to resume normal operations. With a population of roughly 68,000, Idaho Falls’ residents have endured disproportionate impacts arising from the cyberattack since healthcare resources in rural communities are simply less abundant compared to more developed urban areas.

More recently, in August 2023, Prospect Medical Holdings—a private equity firm that operates 16 hospitals and over 165 other clinical facilities in California, Connecticut, Rhode Island, and Pennsylvania—was the victim of a cyberattack that took out critical computer systems for several weeks. As a result, the multistate system had to close some emergency rooms, divert ambulances, and revert to paper charting, as well as cancel elective surgeries, outpatient appointments, and blood drives.[2]

According to IBM Security’s Cost of a Data Breach Report 2023, since 2020, healthcare data breach costs have increased 53.3%, with an average cost of USD $10.93 million per breach.[3] In the first six months of 2023, there were 395 data breaches of 500 or more records reported by healthcare providers to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).[4] In August 2023 alone, OCR initiated 18 investigations into data incidents involving eight healthcare providers and seven health plans.

Cyberattacks can have wide-ranging and severe impacts on healthcare systems, resulting in damage to patient health and privacy, costly disruptions to operations, and demanding regulatory consequences. Cybercriminals target healthcare providers and facilities because of the amount and type of information and data they can access.[5] But what exactly does all this mean, and what steps can be taken to address cyberattack concerns?

This article will review a range of cybersecurity incidents, certain consequences of cybersecurity incidents, what regulatory and other governmental responses have been taken, and what compliance professionals and providers can do to help avoid and mitigate the effects of cyberattacks.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field