Hospital Cyber Attacks Surge, Risking Struggling Bottom Lines (bloomberg.com)
Cyberattacks on US hospitals are on the rise, adding a layer of financial pressure onto an industry still struggling to recover from the pandemic. From a report: Health facilities have been hit with 226 digital incursions affecting 36 million people this year, on track to be more widespread than 2022 attacks, according to John Riggi, the national advisor for cybersecurity and risk at the American Hospital Association. Cyber raids on hospitals more than tripled in the past five years and have become more sophisticated, just when hospitals are coping with higher costs for labor and supplies and grappling with staff shortages. The industry in 2022 had what Moody's Investors Service analyst Matthew Cahill called "arguably the worst year in health-care history" for financial performance. "There's really no wiggle room for hospitals to deal with this," Cahill said in an interview. He said cyber risk has contributed to downgrades, including one at Missouri's Capital Region Medical Center last year following a breach.
Health-care facilities are attractive targets for cybercriminals because they hold ample personal data on patients, Matt Fabian and Lisa Washburn of Municipal Market Analytics wrote in a research note. Staffing shortages and wide use of third-party technology make the sector particularly vulnerable. The problem is particularly dire at smaller and rural hospitals, which have more financial distress and tend to use older technology. In an April note, Moody's cited an IBM survey that showed hospitals for 12 years have had the highest average cyberattack cost per industry, with $10.1 million in 2022. The AHA's Riggi said that while most hospitals have insurance, the cost to recover from attacks could be up to 10 times what insurance pays out.
Struggling bottom lines? (Score:5, Insightful)
Have you ever read a hospital bill? Where's all the damn money going?
Also,
while most hospitals have insurance, the cost to recover from attacks could be up to 10 times what insurance pays out.
Why are all these genius administrators leaving their hospitals underinsured?
Re:Struggling bottom lines? (Score:4, Interesting)
Re: (Score:2)
What I don't understand is why critical hospital systems are not air gapped and locked down to essential functions.
I don't have a link, so this is purely anecdotal, but I remember hearing about a small hospital or a school in Romania that was hit by a ransomware attack and they just reverted to doing things with pen & paper until their systems were brought back online. Modern tech makes our lives easier, and I'm not suggesting that we shouldn't embrace it. While there are scenarios where things move too
Re:Struggling bottom lines? (Score:4, Interesting)
Hospital operating margins are very low on average, with half of hospitals having a negative operating margin. [fiercehealthcare.com] There is plenty of money being made in the healthcare industry, but it isn't the hospitals raking in most of that profit. Pharmaceutical companies are the biggest winners here.
Re: (Score:2)
Two Tylenol at the hospital cost more than two bottles of Tylenol at the supermarket.
Don't tell me hospitals just pass that along to McNeil.
Re: (Score:2)
Two Tylenol at the hospital cost more than two bottles of Tylenol at the supermarket.
Don't tell me hospitals just pass that along to McNeil.
The margin on your Tylenol is high, but the overall margin of the hospital itself is not. The very complex way hospitals have negotiated rates with insurance providers has produced a large number of ridiculous price disparities (like Tylenol). After you add up everything the hospital charges for and all their expenses, however, your average hospital has a profit margin under 1%.
Re: (Score:2)
The margin on your Tylenol is high, but the overall margin of the hospital itself is not.
This is not some kind of ironic coincidence; Tylenol margins are high *because* hospitals are locked into low margins for other things.
Re: (Score:2)
Due to rules and regulations hospitals just can't run down to the local CVS and buy drugs in bulk. They have to buy their supplies from heavily regulated suppliers which heavily adds to the costs.
Re: (Score:3)
Where is the money going?
Unnecessary layers of process complexity and upper management/C-level bonuses.
The USA pays for the world's healthcare and drugs (Score:3)
The USA pays for the world's healthcare and drugs.
In the USA, on drugs, TV is loaded with ads and we pay the most. Outside of the USA most ads are banned and prices are capped.
Most people who have job-based insurance do not pay for it directly or have a lot of choice over the plans.
Plans can change each year on what doctors or hospitals are in or out of network.
Pricing is all over the place with all kinds of odd and hidden fees.
Re: (Score:1)
It's so weird the way we freedom-loving Americans cling to this health care "system" as a symbol of free-market capitalism, when it's the most distorted parody of a free market the world has ever seen.
Re: (Score:2)
It's so weird the way we freedom-loving Americans cling to this health care "system" as a symbol of free-market capitalism, when it's the most distorted parody of a free market the world has ever seen.
Most of the healthcare system is a perfect example of free-market capitalism, outside of the 37% of spending from Medicare and Medicaid. Insurance companies are private, hospitals are private, pharmaceutical companies are private, etc.
It does not represent a "perfect market" because of the vast amount of market failures to create perfect competition. But this is one of the more likely conditions of free-market capitalism without significant enough regulations.
Re: (Score:3)
Unnecessary layers of process complexity and upper management/C-level bonuses.
Average hospital administrative labor costs amount to 4% of total hospital expenses. [nih.gov] Excessive upper management salaries and bonuses are not a major driver of hospital costs.
Re: (Score:3)
If you claim an operating margin of 1%, having 4% of your expenses going for non-mission expenses SHOULD look like a juicy target for cuts, but since that 4% goes to the decision makers, they'll never cut it.
OR, they could actually earn their 4% by playing hard ball with the equipment and pharmaceutical companies to get costs down.
Re: (Score:2)
Where's all the damn money going?
Patent holders.
The premise of this article is counterintuitive (Score:4, Interesting)
If hospitals did gangbusters business during the pandemic - and they did - why are they having financial trouble?
If the cost of labor rose so much, why isn't that being passed along? I think it is actually. There's a problem here being left unsaid. I have suspicions it's something about reimbursements and attempts at cost control via that ham-handed mechanism. What I've noted in medical bills over the past few years is the ballooning hospital and pharmaceutical asks for reimbursement which are often 10 times what the providers are willing to pay. It used to be 3x or 5x, now it's more like 10x.
As usual, all problems remain essentially economic.
Reconsider your assumptions (Score:2)
Hospitals did not do "gangbusters business" during the pandemic. They have suffered significant impacts on revenue over the past four years. There are a lot of factors and issues at play, and I won't try to dissect them for you. Here are a couple of links that might be informative:
Report from the American Hospital Association: https://www.aha.org/guidesrepo... [aha.org]
Report from the NIH: https://pubmed.ncbi.nlm.nih.go... [nih.gov]
Re: (Score:2)
I look at the AHA's top three reasons and it's all economic, really.
1. Sicker patients - implying reimbursement rates aren't covering expenses for very sick people, e.g. those likely covered by the least reimbursing types of insurance. Medicare, Medicaid, etc.
2. Higher costs - implying costs can't be passed on to insurers.
3. Fewer outpatient visits - implying the reimbursement rates are higher here, otherwise this would be a net harm.
So basically what I said, cost control at the reimbursement side is doing
Re: (Score:1)
The primary owners took it all, dumping the problem on secondary investors. Hit-n-run capitalism.
equipment vendors need to do better at updates (Score:2)
equipment vendors need to do better at updates.
No more of this
can't install os updates
must have full outside access so we can remote into it at anytime
only our techs are allowed to work on it
you can not install any of your monitoring or scanning tools on it.
Re: (Score:2)
I suspect that any update to the equipment means it has to go back through the entire FDA certification process to ensure those updates do not impact patient care...
And the FDA certification process, like any bureaucratic process in the USA, takes lots of time and costs the applicant lots of money.
FDA certification for monthly windows updates will (Score:2)
FDA certification for monthly Windows updates will never keep up, as well as, say, weekly AV definitions updates.
More evidence the US is fucked (Score:1)
Re: (Score:2)
Even in systems that have socialized / tax-funded health care, it can still be described as an "industry." Do you think that the hospital administrators, nurses, doctors, custodial staff, equipment manufacturers, cafeteria workers, suppliers, shippers, inspectors and on and on all work for free here in Canada?
Re: (Score:3)
We not only have the most expensive health care, by quality of outcomes we rank 69th in the world, behind Armenia [source [internatio...urance.com]]. Sure, you wouldn't expect us to rank up with Singapore or Norway, but Uruguay and Turkmenistan are kicking our asses here.
We're spending more than anyone else in the world on healthcare to get worse results than Turkmenistan gets spending $484/person/year. We spend almost 19% of our GDP [source [theglobaleconomy.com]] on healthcare;
this is compared to 3% on defense and about 3.8% on welfare and entitlement
Relieved the priority of hospitals is bottom lines (Score:1)
Who (Score:2)
lock 'em up? BOMB THEM. (Score:2)
older technology (Score:2)
"The problem is particularly dire at smaller and rural hospitals, which have more financial distress and tend to use older technology."
It sounds like a solvable problem. Would you rather pay a crippling ransom when all your files get encrypted, or would you pay someone to upgrade your IT and make it reasonably secure?
Will Sutton (Score:2)
They rob hospitals because that's where the money is.