How to Help Avoid Being a Cyberattack Statistic

By Emily Arndt on April 22, 2024

You know the negative, long-lasting effects of cyberattacks. But is your organization prepared to fight against them?

The cold, hard truth

Cyberattacks could be costing the healthcare industry an average of $100 million a day. The Change Healthcare cybersecurity incident that happened in February was a sobering reminder of just how vulnerable healthcare organizations and their patients are to these kinds of attacks. One out of every three Americans were potentially impacted by the incident. This attack has been called the largest cybersecurity attack on the American healthcare system ever. The hackers were allegedly paid $22 million in bitcoin.

As a result of the cyberattack, Change Healthcare was forced to take their systems offline, resulting in the disruption of patient care in many ways, including medication delays and out-of-pocket costs for patient medications. Healthcare providers are having major cash flow issues due to claims denials for services cause by this event.

The average cost of a healthcare data breach was $10.93 million in 2023, up from $10.10 million in 2022. Healthcare has the highest data breach cost of all industries. Between 2020 and 2023, the average cost of a data breach rose by 53.3%. To put these numbers in perspective, the second costliest sector was the financial sector at an average cost of $5.9 million.


What you can do about it

Here are twelve things you can do to help prevent your organization from becoming another statistic:

  1. Conduct a self-assessment: this includes taking stock of the information you have, scaling down and only keeping what you need, locking it, pitching what you no longer need and planning ahead for an incident.
  2. Utilize a multi-factor authorization process.
  3. Maintain current operating systems. It’s difficult to restrict physical access to equipment, but you can make that equipment harder to hack into.
  4. Have a written business continuity plan in place addressing disaster recovery, continuity of operation planning and business continuity in place to help mitigate risk and safeguard the organization with minimal disruption in operations.
  5. Have a HIPAA breach protocol incident response plan in place.
  6. Have policies and procedures in place to minimize the effects on patient care, just as you would for a fire or flood. It’s important to have a plan in place to lessen the impact, such as keeping a paper list of physicians’ cell phone numbers in case your system become inaccessible.
  7. Train employees to identify phishing emails. Email phishing is the most common type of cyberattack used on the healthcare industry. It’s when a seemingly-harmless email comes to one of your employees with a link(s) to a decoy webpage that asks for their system login information. Once the hacker has it, it’s too late. The hacker will then have access to their entire system of patient information.
  8. Encrypt and/or deidentify patient data: Encrypting ePHI helps prevent hackers from using it, if stolen. Deidentification means removing any information from records that could identify a person, if stolen.
  9. Install and maintain anti-virus software.
  10. Collaborate within your organization, taking a multidisciplinary approach. It’s equally important for clinicians to understand their role in what’s at stake as the IT department.
  11. Expect technology vendors to use evidence-based practices and stronger security measures to reduce your vulnerabilities.
  12. Obtain cybersecurity insurance coverage: Glatfelter’s wholesaler, Glatfelter Brokerage Services (GBS), introduced a more robust cybersecurity product at the beginning of this year in response to the significant increase in cyber-attacks. If you're interested in the product, ask your agent to check out the GBS website, linked below, and submit an application for you.




Along with potentially losing millions of dollars as ransom payment, there are other consequences to cybersecurity attacks. Your organization could be fined or slapped with a HIPAA violation. It’s critical that you not only help try to prevent an attack by enrolling in a cyber insurance policy, but that you proactively prepare for these types of events. The chance of experiencing a cyberattack is increasing as cybercriminals become more sophisticated and healthcare organizations struggle to maintain a sufficient workforce. Starting with these twelve actions may help prevent or lessen the severity of the next attack.

What are some other ways your healthcare organization has dealt with cybersecurity risks? Make note in the comments below!

Emily Arndt

Em, a proud cat mom to Margot and Teddy, enjoys learning guitar, the beach, writing, and working on her sarcasm.


The information contained in this blog post is intended for educational purposes only and is not intended to replace expert advice in connection with the topics presented. Glatfelter specifically disclaims any liability for any act or omission by any person or entity in connection with the preparation, use or implementation of plans, principles, concepts or information contained in this publication.

Glatfelter does not make any representation or warranty, expressed or implied, with respect to the results obtained by the use, adherence or implementation of the material contained in this publication. The implementation of the plans, principles, concepts or materials contained in this publication is not a guarantee that you will achieve a certain desired result. It is strongly recommended that you consult with a professional advisor, architect or other expert prior to the implementation of plans, principles, concepts or materials contained in this publication.

This blog post may contain the content of third parties and links to third party websites. Third party content and websites are owned and operated by an independent party over which Glatfelter has no control. Glatfelter makes no representation, warranty, or guarantee as to the accuracy, completeness, timeliness or reliability of any third party content. References to third party services, processes, products, or other information does not constitute or imply any endorsement, sponsorship or recommendation by Glatfelter, unless expressly stated otherwise.

Related posts

In summer 2024, weather will be unpredictable, but these are the weather events you can expect, depending on location.

Continue Reading

About the top 4 insurance claims houses of worship experience.

Continue Reading

Submit a Comment