Healthcare Cyber Incidents Increase Mortality

Healthcare cyber risk is now a clinical risk. A new Proofpoint–Ponemon survey, summarized by MLO managing editor Erin Brady, finds that cyber incidents aren’t just delaying appointments; they’re disrupting care and, in some cases, increasing mortality.

Among 677 U.S. healthcare IT and security respondents, nearly three in four organizations that suffered common attacks (ransomware, supply-chain compromise, cloud/account takeovers, BEC) reported patient-care disruption. Supply-chain incidents were most likely to impact care, while cloud/account compromises resulted in patient deaths in 36% of reported incidents. On average, respondents experienced 43 attacks in the past year; 96% reported at least two data-loss/exfiltration events over the past two years, with 60% of data loss caused by employee error.

For IT leaders, the signal is to treat identity, inbox, and vendor ecosystems as patient-safety controls. Priorities emerging from the data include:

• Tighten controls against cloud/account takeover (strong MFA, session monitoring, least-privilege)
• Harden email/DLP and collaboration tools where human error drives loss
• Elevate third-party/supply-chain security into business-continuity planning.
• Build metrics that tie cyber readiness to clinical operations (procedure delays, diversion rates, length of stay)
• Pressure-test response with tabletop drills that include clinical, IT/OT, and vendor stakeholders.

The takeaway: move from “IT outage” framing to “continuity of care” governance, because that’s how boards, regulators, and front-line staff are already experiencing the impact.