How Hospitals Can Prepare For Cyber Attacks

Published on: October 27, 2022

In a ransomware attack, online attackers encrypt computer networks and demand a ransom to make them functional again. These attacks have been a growing concern for businesses in all industries; however, they can be particularly devastating to the healthcare industry, where lives are on the line. Ransomware is one method that hackers use to infiltrate a hospital’s network and steal patient information.

While cyber-attacks are becoming more frequent, sophisticated, and costly, hospital leaders must do everything they can to prepare for these threats before they happen.

Attacks Are Becoming More Frequent, Sophisticated, And Costly

More Frequent

Cybercrime is increasing. According to a recent study by the Ponemon Institute, 74% of healthcare organizations have been hit by ransomware attacks. This number is higher than in any other industry and indicates the growing threat level hospitals face today. Hospitals are prime targets for cyber-attacks and are attractive to hackers because they tend to store sensitive patient data. According to cybersecurity firm Sophos, attacks on healthcare organizations increased by a whopping 94% between 2021 and 2022.

Small Clinics Are At Increased Risk

Cyber-attackers have switched their focus from large healthcare systems to smaller hospitals, as they have fewer resources to defend themselves against attacks. Breaches in specialty clinics rose from 23% in 2021 to 31% in 2022.

More Sophisticated

Cyber attacks are also becoming more sophisticated. Hackers are now stealing valuable intellectual property from research facilities, selling patient data on the black market for financial gain, and even blackmailing hospitals with threats of releasing sensitive information unless a large sum is paid upfront.

More Costly

Attacks are becoming more costly. In fact, according to data from the Center for Strategic and International Studies (CSIS), cybercrime cost $445 billion in 2017—a 23% increase from 2016. According to the Ponemon Institute report, threat incidents have risen over the past two years, with costs per incident up to $15.38 million.

And that’s just financial losses; it doesn’t consider lost productivity due to ransomware or other consequences of an attack like data breaches or reputational damage.

CISA and others advise hospitals against paying ransoms, but providers often feel they have no choice. In 2021, 61% of the attacked healthcare organizations paid the ransom. When lives are at stake, it makes the decision very easy.

Cyber Attack Preparation Needs To Be A Priority

While cybercrime can be a frightening prospect, it’s essential to remember that the damage incurred is often not just financial. The study by the Ponemon Institute found that 70% of surveyed medical organizations reported experiencing a significant data breach over the previous two years. Of these breaches, 63% were caused by human error (e.g., someone leaving a laptop unsecured).

The impact on patient health information is even more problematic: More than half of respondents said that their organization had seen an increase in patients whose personal health information had been compromised due to cybersecurity incidents over the past two years.

Cyber Attacks Shouldn’t Be Seen As A ‘One And Done’ Situation

As the healthcare industry grows and evolves, so do cyber-attacks. Hospital cyber-attacks are growing worldwide, which should compel hospital leaders to consider how they can best prepare for these events and protect patient health information. The recent attack on Hillel Yaffe Medical Center’s laundry service is just one example of how cyber-attacks can affect a hospital’s bottom line—and it won’t be the last incident that causes hospitals to lose money.

In October 2021, an attack on Hillel Yaffe Medical Center’s laundry service systems affected all departments and automated procedures, including the hospital’s 15 Polytex units. Within hours, employees’ magnetic cards no longer worked, blocking them from returning used uniforms or getting clean ones.

To combat the situation, the medical center ended its reliance on the hospital IT systems, which continued to be disrupted. They contacted Polytex and began the internal approval process to upgrade to the latest version of Polytex software, Total Care Manager: Version 8 (PM8).

“When I write my annual summary this year, it will be all about Polytex and the cyberattack, what happened, and how Polytex saved us by moving us to the cloud.” – Limor Yaacov Bar Or, Textile Manager at Hillel Yaffe Medical Center

How To Prepare For Cyber Attacks

To prepare for cyber-attacks, hospitals can take a few approaches. They can invest heavily in cyber-security with an IT staff at the helm. This, however, isn’t always feasible as it’s resource-heavy, and hospitals have other priorities. Another option is to get off the grid as much as possible. This isn’t always realistic as states set legislation that moves data from analog to digital.

A combined solution, in-house IT and compliant vendors with specialty services, is the best way to mitigate cyber-attack risks.

Proactive In-House IT And Specialized Vendors

A solution that combines proactive in-house IT and specialized vendors like Polytex can provide highly advanced cyber security to ensure operations run smoothly.

Hillel Yaffe Medical Center leaders no longer have to worry about data security or coming in on their day off to put out “fires.” With Polytex Total-Care Manager, they have peace of mind all the time.

As Total Care Manager: Version 8 does not rely on the hospital’s IT network, Hillel Yaffe’s Polytex units are protected from cyber-attacks that target hospital systems.

The Hillel Yaffe team also values the freedom to resolve issues remotely, from anywhere, with our cyber-secured cloud infrastructure, which is robust and fully scalable. The frequent backups, recovery plans, and multilevel threat protection are just icing on the cake.

The Polytex cloud platform ensures your machines and management applications are secure and always up-to-date.

  • Accessibility from any machine, anytime and anywhere.
  • Fast and straightforward configuration – no need for internal IT experts.
  • Real-time service and support, and proactive monitoring.
  • High availability with 24/7 server uptime.
  • Data Security: ISO 27001 and SOC 2 Type 2 Compliance.
