Cost of cyberattacks significantly higher for smaller healthcare organizations

Cyberattacks and ransomware cost medium-sized healthcare institutions significantly more than larger organizations, with the average cost of a shutdown caused by a cyber incident exceeding $440,000 for smaller organizations versus $130,000 for larger institutions, a new report shows.

bout half of all healthcare organizations—42% of mid-size practices and 61% of large organizations—had an unplanned shutdown of medical devices or equipment due to an external attack in the past six months. Despite that, most respondents believe they have enough staff for enterprise cybersecurity, with 61% of mid-sized and 69% of large healthcare organizations saying staffing is at least adequate,  according to a survey published by medical-infrastructure protection firm CyberMDX.

Overall, the report highlights that, while attacks have increased, companies—especially mid-sized hospitals—have not adapted, says Azi Cohen, CEO of CyberMDX.

While only a minority of respondents revealed their IT and security budgets, the survey found that the average mid-sized hospital spends $3.5 million, and the average large hospital about $3.1 million, on their IT budget.  About $300,000, or about 8% to 11% of that, is spent on securing medical devices and connected equipment. On average, about $617,000 is spent on cybersecurity compliance, which about half find insufficient for their mission, the report stated.

“The report is saying they feel the pain of an attack more,” he says. “They estimate their losses or costs to be higher than large hospitals—so it’s not about spend, it’s about cost. We don’t know why but can make an assumption that with fewer staff and resources they have a heavier load to bear and that creates more to do and a higher cost.”

To read the complete article, visit Dark Reading.