Survey: Ransomware attacks impact patient outcomes at half of healthcare facilities

The purpose of this research is to provide an update to the industry’s first study on the impact of ransomware on patient safety, titled The Impact of Ransomware on Healthcare During COVID-19 and Beyond, September 2021. That seminal study qualitatively demonstrated a correlation between ransomware and various impacts to patient care, including increased patient transfers/diversions, delays in procedures and tests, increased complications from medical procedures, and higher mortality rates. This updated study, according to survey respondents, shows ransomware continues to impact patient care, and seeks to understand how cybersecurity peer benchmarking can help healthcare organizations strengthen their cybersecurity posture to help reduce the risk of a ransomware attack and its potential impact on patient care.

Ponemon Institute and Censinet will present the details of the independent research report in an upcoming webinar, “The Impact of Ransomware on Patient Safety and the Value of Cybersecurity Benchmarking.” It will be presented live on January 24 at 12:00 PM ET and features myself and and Ed Gaudet.

As shown in the 2021 study sponsored by Censinet, 61 percent of respondents were not confident, or had no confidence, in their ability to mitigate the risks of ransomware. In this year’s study, also sponsored by Censinet, more organizations experienced a ransomware attack and an increasing number of these attacks are caused by poor cybersecurity controls internally and at third-party vendors and products. In addition to the impact of ransomware on patient safety, this study explores the importance of cybersecurity peer benchmarking and third party risk management to reduce cyber threats such as ransomware.

Our findings indicate that Hospital IT/Security personnel continue to believe ransomware has a broad and adverse impact on patient care. With ransomware growing exponentially and most organizations under constant threat, this report also explores how peer benchmarking improves an HDO’s cybersecurity program effectiveness, including its decision-making, hiring, and resource allocation.”

The two-year trend in ransomware attacks

This research is unique because it tracks how healthcare organizations and patient care have been impacted by ransomware attacks since 2021. The following findings demonstrate that ransomware continues to be a growing problem for the industry.

  • Ransomware attacks are on the rise. Almost half of respondents (47 percent) say their organizations experienced a ransomware attack in the past two years, an increase from 43 percent in 2021. In the past two years, 93 percent of these respondents experienced at least one (65 percent) or between two and five ransomware attacks (28 percent).
  • Third-party ransomware attacks have increased significantly. Of the 47 percent of respondents who reported a ransomware attack, 46 percent say it was caused by a third party, an increase from 36 percent in 2021. This finding indicates the importance of having policies and practices in place to proactively assess third party risk, remediate identified security gaps, and quickly respond to and recover from a third party-driven ransomware attack.
  • More organizations are paying ransomware. Sixty-seven percent of respondents, an increase from 60 percent, say their organizations are paying ransom. The average ransom payment has increased from $282,675 to $352,541 in the past two years. The average duration of disruptions caused by ransomware attacks has not improved and can last more than one month (35 days). 
  • More patients are adversely affected by ransomware attacks. Fifty-three percent of respondents in organizations that had a ransomware attack say it resulted in a disruption in patient care. Complications from medical procedures due to ransomware attacks increased significantly from 36 percent of respondents to 45 percent of respondents. The most prevalent impact was an increase in patients transferred or diverted to other facilities from 65 percent of respondents last year to 70 percent of respondents this year. In addition, 21 percent of respondents say ransomware has an adverse impact on patient mortality rates. 
  • Business continuity plans are increasingly the most important step to preparing for a ransomware attack. Sixty percent of respondents say their organizations have a business continuity plan that includes a planned system outage in the event of a ransomware attack, an increase from 54 percent of respondents. Also, 33 percent of respondents say their organization is increasing funds to deal with a potential ransomware attack, an increase from 23 percent in the previous study. 


Benchmarking the effectiveness of cybersecurity programs is considered important and valuable.

 As ransomware attacks increase, an effective cybersecurity program is critical. According to the findings, respondents agree that peer benchmarking is both valuable and important.

  • Benchmarking is very valuable in demonstrating cybersecurity program effectiveness, according to 78 percent of respondents. Benchmarking is also valuable when demonstrating cybersecurity framework coverage/compliance (61 percent of respondents) and improving cybersecurity programs (52 percent of respondents). 
  • Benchmarking improves cybersecurity program decision making. Another important value of benchmarking is to make better, data-driven decisions (53 percent of respondents) followed by the ability to demonstrate effectiveness of benchmarking program investments (48 percent of respondents). 
  • Benchmarking is important to making the business case for hiring cyber staff and purchasing technologies, according to 69 percent and 60 percent of respondents respectively. Fifty-seven percent of respondents say benchmarking is valuable when making investment decisions in the cybersecurity program. 
  • Benchmarking is important when establishing cybersecurity program goals, according to 67 percent of respondents. These metrics are also helpful in responding to and recovering from ransomware attacks, according to 51 percent of respondents

“The findings in this year’s Ponemon report are, unfortunately, not surprising as ransomware continues to shut down hospital operations and disrupt care at an alarming rate,” said Ed Gaudet, CEO and Founder of Censinet. “With patient safety in jeopardy and ‘asymmetric warfare’ no longer hyperbole to describe the situation, this report highlights the continued threats while introducing new approaches to creating rigorous, robust, and continuous cyber programs that protect patients.”

To read the entire report, visit Censinet’s website

Leave a Reply

Your email address will not be published. Required fields are marked *