
Two healthcare cyberattacks, one personal and one headline-making, highlight the damage cybercriminals can cause to patients. I learned about the first incident yesterday when my orthopedist called to cancel an after-care appointment that morning because their computer network was down due to a cyberattack. I haven’t heard anything yet about a rescheduled appointment.
The second incident occurred at Heywood Healthcare (Heywood), a nonprofit healthcare system in North Central Massachusetts.
Healthcare Cyberattacks Divert EMS Services
On Monday, October 13, in a Facebook post, Heywood said that a “network outage” forced it to close its two emergency departments and divert patients to other facilities. Heywood operates two hospitals: Heywood Hospital, with 134 beds in Gardner, Massachusetts, and Athol Hospital, a 25-bed critical access community hospital nearby in Athol.
The incident also disrupted radiology and laboratory services, along with email and phone systems.
Heywood’s later Facebook post on October 16 explained that a cybersecurity incident caused the disruption and that it was “working closely with third-party cybersecurity experts to assess the situation and restore full functionality as quickly and safely as possible.”
By October 17, the situation had improved slightly, as noted by Central Massachusetts EMS ambulance service in its Facebook post:
“Athol and Heywood Hospitals are off Code Black however remain with limited capabilities. Ambulance crews are advised to make their entry note through Worcester C MED early so the hospital can triage the patient. The hospital will approve capability to care for the patient or ask the ambulance to proceed to the next available E R. Heywood hospitals cat scan will be down until further notice. Please transport stroke patients to the next nearest primary stroke service hospital per state primary stroke service list.”
Ponemon Institute Studies Trends in Healthcare Cyberattacks
Healthcare Cyberattacks Continue to Rise
- For organizations that experienced attacks, the average number of cyberattacks was 43, a 3-point increase from 40 in 2024.
- The average total cost for the most expensive cyberattack over the past 12 months was $3.9 million.
- Cyberattacks of all kinds have negative impacts on patient care and safety.
The Link Between Cyberattacks and Patient Safety
Researchers identified four types of cyberattacks in the study:
- Ransomware
- Business email compromise/spoofing/impersonation
- Supply chain attacks*
- Cloud/account compromise
*The report describes supply chain attacks as follows: “Supplier impersonation and compromise attacks occur when a malicious actor impersonates or successfully compromises an email account in the supply chain. The attacker then observes, mimics and uses historical information to craft scenarios to spoof employees in the supply chain.”
Among the organizations that experienced the four types of cyberattacks, “an average of 72 percent report disruption to patient care, a 3-point jump from 69 percent in 2024.”
Organizations reported different types of disruptions, from diversions, like those experienced by Heywood, to longer hospital stays, medical complications, delays in tests/procedures, and even higher mortality rates.
According to the report,
“… an average of 54 percent report poor patient outcomes due to increases in medical procedure complications. An average of 53 percent saw an increase in a longer length of stay and an average of 29 percent say patient mortality rates increased.”
But each type of cyberattack carries a different level of risk. Supply chain attacks are the most likely to affect patient care. Among organizations that experienced supply chain attacks, patients were
“primarily impacted by delays in procedures and tests that resulted in poor outcomes (51 percent) and an increase in complications from medical procedures (49 percent). Mortality rates increased significantly from 26 percent in 2024 to 32 percent in 2025.”
But ransomware also causes delays, and data loss or exfiltration can increase mortality rates. Read the report for a fuller description of the findings.
In summary,
“For the fourth year in a row, the data reinforces a sobering reality: cyberthreats aren’t just IT security issues, they’re clinical risks. When care is delayed, disrupted or compromised due to a cyberattack, patient outcomes are impacted, and lives are potentially put at risk.”
It is too early to know what type of cybersecurity incident happened at Heywood or its full impact on patient care, as the disruption is ongoing and the investigation is not complete.
Solutions and Responses to Healthcare Cyberattacks
The Ponemon report provides a detailed analysis of the causes, the outcomes, and future trends in cybersecurity incidents in healthcare.
It also provides the respondents’ solutions and responses to the cybersecurity challenges. In some cases, the respondents’ strategies did not match up with the level of risk. For example, while supply chain attacks are the most likely to affect patient care, respondents placed a greater emphasis on prevention and response to ransomware and cloud account security.
Each organization has its own challenges, experiences and structure, and the solutions and responses are varied to reflect those differences.
All of the cybersecurity responses are important, and prioritizing them is not an easy task.
The HIPAA Security Rule is a Blueprint to Protect Against Cyberattacks
All covered entities and business associates need to follow the HIPAA Security Rule. The Security Rule safeguards are designed to keep patient data secure and strengthen cybersecurity.
From access and audit controls, to authentication procedures, training, and a contingency plan, every prevention and response measure is outlined to guide IT security professionals to a stronger cyber stance.
Cybersecurity today is an integral part of quality patient care. Healthcare cyberattacks can have dire patient safety outcomes, but planning and prevention can reduce those risks.

