Ransomware attacks and data breaches targeting hospitals may cause a higher mortality rate among heart patients in the months and years after an incident, Vanderbilt University researchers report, as breach remediation time interferes with patient care and outcomes.
Researchers with Vanderbilt's Owen Graduate School of Management analyzed healthcare data breaches recorded by the Department of Health and Human Services (HHS). They investigated patient mortality rates at more than 3,000 Medicare-certified hospitals between 2012 and 2016, 10% of which had reported a data breach. They found attackers are not directly controlling medication; rather, hospitals' approach to breach remediation is slowing down doctors, nurses, and other healthcare practitioners responsible for cardiac care, according to an article on PBS NewsHour.
Specifically, the researchers wanted to know two factors: the time it takes for a patient with chest pain to get from an emergency room to receiving an electrocardiogram (EKG) reading, and the 30-day mortality rate for heart attacks. They learned the time it takes for someone to receive an EKG increased by up to 2.7 minutes after a breach. Further, this delay stayed as high as two minutes even three to four years after a breach occurred.
At the hundreds of hospitals in this study that reported data breaches, there were as many as 36 additional deaths per 10,000 heart attacks each year. It's worth noting heart attacks are among the most common medical emergencies in the US: According to PBS, 735,000 Americans suffer one every year. The number of healthcare institutions affected by data breaches rose 20% in 2019, affecting medical records of 30 million health care customers – the most since 2015.
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "What a Security Products Blacklist Means for End Users and Integrators."