We all know by now that cyber risk is not just an “IT issue,” but rather it is an enterprise risk issue. Cyberattacks represent a potential risk to every function in health care organizations, making them a serious threat to patient care and safety. Cyberattacks, such as high-impact ransomware attacks, disrupt or delay patient care. They not only present a risk to patients who are in the hospital, but also to the entire community. Community members depend on the availability of their local hospital and emergency department for urgent care, such as in heart attack, stroke and trauma cases. The bottom line is that when hospitals are attacked, lives are threatened.
Ransomware attacks also have disruptive cascading and wide-ranging effects throughout a region. The resulting “ransomware blast radius” may be felt by every hospital, clinic and emergency department in the entire region as ambulances and patients are diverted to other surrounding hospitals, sometimes for weeks on end. Emergency departments, clinics and cancer treatment centers may reach or exceed capacity — further disrupting or delaying care delivery on a regional basis and increasing the risk of patient harm.
