Patients at risk as APAC healthcare providers face cyber-attacks

Firms lose over $23.3m to cybercriminals.

Healthcare providers stand to lose millions as cyber-attacks grow ever more sophisticated, a new report revealed.

According to a Microsoft-commissioned study by Frost & Sullivan, healthcare organisations face $10.5m in direct losses stemming from customer disruption, fines and productivity loss, as well as $12.8m in indirect losses from customer churn and falling share prices.

Sophisticated cyber-attacks, such as those experienced by Singapore and Hong Kong in recent months, can have far-reaching effects for patients/ Keren Priyadarshini, Microsoft Asia’s regional business lead for worldwide health noted that a patient's safety and well-being was invariably tied to a healthcare organisation's ability to safeguard private and personal data.

"When a medical institution is hit with a cyber-attack such as ransomware, critical care treatment needed by patients can be delayed and non-emergency cases can be forcibly canceled as doctors are unable to access patient's medical information or the accuracy of the data becomes questionable as cybercriminals could have changed the data values," she said.

The biggest economic impact was from the loss of customers, while 60 percent of cyber-attacks on healthcare companies in the past year had led to job losses across different functions.

Web defacement and data exfiltration had the highest impact and often resulted in the slowest recovery time, the study revealed. It added that 50 percent of healthcare organisations running more than 50 cyber security tools took more than a day to recover from cyber security attacks, while 79 percent operating between 11 and 25 tools took less than an hour.

In addition, 65 percent had pushed back their digital transformation efforts over concerns about cyber security.

"With more and more healthcare organisations in Asia-Pacific moving beyond digitisation into transformation and rallying with innovation, building a strong foundation with security and compliance has become critical. Embedding security and privacy into all aspects of digital interactions is not an option anymore--it needs to be mandated, and even more so for healthcare organisations as they handle sensitive and confidential data," said Frost & Sullivan's industry principal of cybersecurity Kenny Yeo.