Topics
Reimbursement
Elevance, UnitedHealth among insurers accused of alleged price fixing
Elevance, UnitedHealth among insurers accused of alleged price fixing
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
Two CFOs see promise of AI, but have yet to build a dedicated budget
Two CFOs see promise of AI, but have yet to build a dedicated budget
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Labor expenses continue to challenge hospitals
Labor expenses continue to challenge hospitals
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
UAB, Press Ganey launch certificate program for healthcare leaders
UAB, Press Ganey launch certificate program for healthcare leaders
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
University Hospitals expanding with $3.2 million donation
University Hospitals expanding with $3.2M donation
Compliance & Legal
Johnson and Johnson sues HRSA for blocking 340B plan
J&J sues HRSA for blocking 340B plan
Policy and Legislation
Planned Parenthood, other groups decry executive power in House bill
Planned Parenthood, other groups decry House bill
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
CVS announces Dr. Sreekanth Chaguturu as president, Health Care Delivery
CVS announces Dr. Sreekanth Chaguturu as president, Health Care Delivery
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Almost a quarter of Americans underinsured, survey finds
Survey: Almost a quarter of Americans underinsured
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
CerpassRx, Waltz team on AI platform to manage specialty drug spend
CerpassRx, Waltz team on AI to manage specialty drug spend
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Telehealth prescribing of controlled drugs extended through 2025
Telehealth prescribing of controlled drugs extended
Mergers & Acquisitions
Cardinal Health set to acquire two companies for combined $3.9B
Cardinal Health set to acquire two companies for combined $3.9B
View more
Sep 17, 2019 More on Quality and Safety

Hospitals face rising risk of sophisticated cyberattacks

To date, attacks have led to patient data being exposed; Going forward, attackers will seek to disrupt hospitals' operations, Moody's says.

Mark Klimek

Increasingly sophisticated cyberattacks will pose significant threats to hospitals' operations and revenues, as well as risks to patient safety that will expose more hospitals to malpractice accusations and lawsuits, according to a recent report by credit rating agency Moody's Investors Service.

Small hospitals that lack resources and modern technology will be the most vulnerable to attacks, the report finds.

WHY THIS MATTERS

The healthcare sector's reliance on confidential information and technology puts it at tremendous risk for cyberattacks that could greatly damage hospitals' finances.

As the industry continues to move toward digitalization and data-sharing, the number of infiltration points for cyberattacks will grow.

Any attack that impairs connected electronic devices or programs can delay care, which can be fatal in critical situations. The biggest issue for hospitals will be threats that jeopardize patient safety and result in harm or death -- exposing hospitals to malpractice accusations and lawsuits.

Among the biggest risks: Attacks against connected medical devices such as insulin pumps, defibrillators and cardiac monitors, which are now entrenched in remote monitoring and require constant updating and patching.

Cyberattacks that compromise hospitals' electronic medical records will cause the greatest disruption by affecting hospitals' revenue cycle and disrupting cash flow in the most severe cases, the report said.

One example is ransomware attacks, in which data and systems are held hostage until the hospital pays a ransom. So far, disruptions from ransomware have been limited. But a prolonged disruption could affect margins and scheduling of procedures, and may result in the permanent loss of patient records.

Hospitals with strong risk management will be more able to respond to a major disruption. Hospital management teams are taking cyber risk management steps such as developing contingency plans to ensure patient care, employing dedicated cybersecurity staff to address threats, and conducting phishing exercises and other employee training to help prevent attacks from getting through.

However, the capacity to take these and other actions will vary--with smaller hospitals being more vulnerable. Additionally, a shortage of qualified talent will remain a challenge across the sector.

THE RESEARCH

Moody's latest research into the hospital sector reveals some key findings.

Hospitals are highly vulnerable to cyberattacks with a high potential to create financial disruptions.

The interconnectedness of hospital operations and IT makes the hospital sector highly vulnerable to cyberattacks such as ransomware, malware, email phishing and infiltration through online medical devices.

The negative impacts of cyberattacks on hospitals' operations, finances and reputations are also high.

While all hospitals will be face cybersecurity threats, smaller hospitals, especially critical access hospitals, will be the most vulnerable because they typically lack the resources for dedicated cybersecurity experts and often use dated, easily compromised technology.

Cyberattacks that result in operational disruptions -- not data breaches -- present the greatest risk. To date, attacks that have led to sensitive patient data being exposed or stolen are the most common types of attacks reported by hospitals. Going forward, however, attackers will increasingly seek to disrupt hospitals' operations, Moody's said, which will jeopardize patient safety and have a significant financial impact.

THE LARGER TREND

Beazley Breach Insights found that healthcare is the industry most targeted by cyber criminals, accounting for 41 percent of all breaches reported to the firm last year. Roughly one-third of the breaches were related to hacking or malware attacks, with another 31 percent caused by accidental exposure.

Health providers will spend an estimated $408 per each lost or stolen patient record--about three times more than other sectors.

Despite the threats, healthcare has been behind other sectors in taking security measures. Just four to seven percent of a health system's IT budget is in cybersecurity, compared to about 15% for other sectors such as the financial industry.

Ransomware attacks on healthcare companies have been on the rise for some time now. The 2018 SamSam virus breached Allscripts' data centers last year, then attacked Hancock Health and Adams Memorial, two Indiana providers. It's estimated that the hackers behind SamSam have made more than $6 million since 2015.

Meanwhile, the WannaCry ransomware worm that attacked hospitals in 2017 and disrupted patient care remains "very aggressive in its ability to spread."

ON THE RECORD

"The biggest type of risk is basically any cyber event that causes a disruption to operations, that delays patient care or jeopardizes patent safety, which could potentially result in physical harm to a patient. These are the types of events that can really open up a hospital to malpractice accusations and lawsuits," says Jenn Barr, healthcare analyst at Moody's Investors Service.

Mark Klimek is an independent writer and editor with 20 years' experience covering financial issues, healthcare and more.
 

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.