Breach remediation processes adversely impact timeliness in patient care and outcomes, a new study finds.
Ransomware attacks and data breaches targeting hospitals may cause a higher mortality rate among heart patients in the months and years after an incident, Vanderbilt University researchers report, as breach remediation time interferes with patient care and outcomes.
Researchers with Vanderbilt’s Owen Graduate School of Management analyzed healthcare data breaches recorded by the Department of Health and Human Services (HHS). They investigated patient mortality rates at more than 3,000 Medicare-certified hospitals between 2012 and 2016, 10% of which had reported a data breach. They found attackers are not directly controlling medication; rather, hospitals’ approach to breach remediation is slowing down doctors, nurses, and other healthcare practitioners responsible for cardiac care, according to an article on PBS NewsHour.
Specifically, the researchers wanted to know two factors: the time it takes for a patient with chest pain to get from an emergency room to receive an electrocardiogram (EKG) reading, and the 30-day mortality rate for heart attacks. They learned the time it takes for someone to receive an EKG increased by up to 2.7 minutes after a breach. Further, this delay stayed as high as two minutes even three to four years after a breach occurred.
At the hundreds of hospitals in this study that reported data breaches, there were as many as 36 additional deaths per 10,000 heart attacks each year. It’s worth noting heart attacks are among the most common medical emergencies in the US: According to PBS, 735,000 Americans suffer one every year. The number of healthcare institutions affected by data breaches rose 20% in 2019, affecting medical records of 30 million health care customers – the most since 2015.