Hospitals experiencing cyberattacks had worse patient outcomes than those that were not being impacted by cybersecurity incidents, according to a yet to be published Cybersecurity and Infrastructure Security Agency analysis reported by The Verge
researchers found that health care providers affected by the University of Vermont Health Network ransomware attack last October reached inflection point of capacity concerns translating into elevated death rates earlier and longer, compared with those that were not hit by the attack.
"You're reaching that danger zone where you're going to see excess deaths two, four, and six weeks later more quickly. Water is wet, fire is hot, and we can now tell that cyber disruption introduces degraded or delayed patient care," said CISA Senior Adviser Josh Corman, who added that the findings may still be true without the COVID-19 pandemic.
The findings could prompt increased urgency for health care providers to bolster their cybersecurity, said Northwell Health Chief Quality Officer Mark Jarrett.
"Clinicians in general tend to think of this as an information technology issue, and it really isn't. It's a patient safety issue," Jarrett said.