Skip to main content

Fitch: 'Relentless' Cyber Attacks Pressuring Nonprofit Hospital Operations

Analysis  |  By Jack O'Brien  
   July 23, 2021

The move towards remote work provided hackers with more opportunities to infiltrate healthcare organizations, according to Fitch.

Continuous threats from ongoing cyber attacks will place "material revenue and expense pressures" on nonprofit hospitals, according to a Fitch Ratings report released Thursday afternoon.

Fitch stated that the healthcare sector remains a "target-rich environment" due to a large amount of sensitive data related to patient care and operations.

Healthcare was the most targeted industry for cyber attacks in 2020, a trend accelerated by the COVID-19 pandemic, according to Fitch. The move towards remote work provided hackers with more opportunities to infiltrate healthcare organizations.

Related: Healthcare Most Targeted Industry for Cyber-Crime in 2020

The report stated that these data breaches and attacks resulted in the average cost to recover patient records rising by 16% year-over-year, according to estimates from the Department of Health and Human Services (HHS).

"Ransomware pay-outs and efforts to protect or “harden” healthcare systems and cyber defenses are affecting hospital financial flexibility by increasing on-going operating expenses," the report stated. "Attacks may also hinder revenue generation and the ability to recover costs in a timely manner, particularly if they affect a hospital’s ability to bill patients when financial records are compromised or systems become locked. The recovery time and costs associated with breaches of critical data not only pose significant financial burdens but also hamper the ability of healthcare institutions to provide care, which could ultimately have human costs."

Fitch's report is the latest insight into the digital vulnerabilities facing healthcare providers.

Related: Cyber-Security Report Finds 30 Popular Mobile Health Apps are Vulnerable to API Attack

In late October 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, and HHS released a joint advisory warning hospitals and health systems about an "increased and imminent cybercrime threat."

In preparation for potential cybercrime threats, the three federal agencies urged Healthcare and Public Health organizations to maintain "business continuity plans" to minimize service interruptions, warning that without these processes in place, hospitals "may be unable to continue operations."

Related: CISA, FBI, HHS Warn Hospitals of 'Increased and Imminent' Cybercrime Threat

Jack O'Brien is the Content Team Lead and Finance Editor at HealthLeaders, an HCPro brand.

Get the latest on healthcare leadership in your inbox.