Light Dark
November 11, 2019 By David Bisson 2 min read

An academic study found that the death rate tied to cardiovascular issues increased in the months and years following healthcare cyberattacks on hospitals.

In a report available for download through the Wiley Online Library, researchers from Vanderbilt University and the University of Central Florida used a difference‐in‐differences regression to analyze the effect that healthcare cyberattacks had on the quality of medical treatment received by patients at victim medical organizations. They specifically measured “hospital quality” by analyzing the time between when patients suffering from cardiovascular issues first entered a facility and when they received an electrocardiogram. The study also tracked the mortality rate associated with acute myocardial infarctions, the medical term for heart attacks.

The researchers found that hospital quality suffered as a result of a data breach. Specifically, they found that hospital time-to-electrocardiogram increased as much as 2.7 minutes and that 30‐day acute myocardial infarction mortality grew by 0.36 percent over a three-year window following a security incident.

The Human Impact of Healthcare Cyberattacks

This study helps shed light on the types of risks that healthcare cyberattacks pose to patients. Mortality is the greatest consequence of these types of security events. Dr. Sung J. Choi, a researcher from the University of Central Florida who led the project, said in a session for the 2018 4A Data Security & Privacy conference that data breaches at medical organizations are responsible for causing 2,100 patient deaths each year, as Digital Guardian reported.

Even so, mortality isn’t the only repercussion. An Accenture survey found that a healthcare data breach on average resulted in digital criminals stealing about a quarter of affected consumers’ personal medical information. Fifty percent of those affected revealed that they then experienced medical identity theft, which subsequently cost them $2,500 out-of-pocket on top of their existing medical bills.

What Healthcare Organizations Can Do to Fight Back

Security professionals can help defend healthcare organizations against data breaches by cooperating with IT management to develop effective security measures and build incident response teams who can prevent security issues from growing into a breach. Organizations should also monitor all connected medical devices’ activity for suspicious behavior that might be indicative of an intrusion.

 |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

July 26, 2024

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

July 25, 2024

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

July 24, 2024

Crisis communication: What NOT to do

4 min read - Read the 1st blog in this series, Cybersecurity crisis communication: What to doWhen an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can cause permanent reputational damage.Because of the stress and many moving parts that are involved, businesses often fall short when it comes to communication in a crisis.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature