How Business Continuity Can Mitigate Healthcare Cyberattacks

Aug 2, 2022
Danya Strait
The healthcare industry is facing unprecedented threats. The sector, including hospitals and medical facilities, has been identified as one of the most vulnerable to cyberattacks.

Almost 50 million patient records were affected by a major healthcare data breach in 2021.

In one of the latest, Tenet Healthcare reported an April cyberattack they estimate would cost $100 million to mitigate. Tenet Healthcare is a large healthcare organization headquartered in Dallas, Texas, with 60 hospitals, 465 ambulatory surgery centers, and 110 other outpatient centers.

Tenet Healthcare was the victim of a cyberattack that caused significant IT outages. Tenet "immediately suspended user access to affected information technology applications, implemented extensive cybersecurity protection protocols, and swiftly took steps to restrict further unauthorized activity," according to a notice dated April 26.

Threats in Healthcare Cyberattacks

Recently, the healthcare industry has been under attack by cybercriminals. Forty-five million individuals were impacted by healthcare-related cyberattacks in 2021, up from 34 million in 2020. According to one report, which examines breach data reported to the US Department of Health and Human Services (HHS) by healthcare organizations, this number has tripled in just three years, rising from 14 million in 2018 to 42 million in 2019.

The total number of individuals affected has increased by 32% since 2020, indicating that more records are compromised annually.

The healthcare sector is a target for hackers because of the widespread use of electronic medical records and other sensitive data that can be used for financial gain or to perpetrate identity theft.

The following are some areas that these attacks have impacted:

  • Patient privacy: Health information is highly personal and confidential. Hackers can use this data to steal identities, blackmail individuals, and/or extort them using private information such as social security numbers. They may also sell your health information on dark web marketplaces to bad actors who want to commit fraud or extortion against you or your family.
  • Medical records: This includes patient files like lab reports; X-rays; physician notes; prescription information etc., stored in both hard copy format as well as digital form. These documents contain sensitive information about a person's medical history, including their disease status, treatment regime details, etc., which could lead to identity theft if an unauthorized party with malicious intent is accessed.

How Are Cyberattacks Affecting the Healthcare Industry?

Cyberattacks on healthcare organizations can result in a loss of life and cause a loss of money, reputation, and data.

In the most recent cyberattack on healthcare facilities, hackers gained access to patient medical records at hospitals across the US and Canada. In some cases, they could potentially steal credit card information from patients who used their cards at those facilities. This fraud is just one example of how cyberattacks can negatively impact your business continuity strategy.

How Business Continuity Planning and Disaster Recovery Can Help Mitigate the Effects of Cyberattacks

Cyberattacks are evolving and becoming more sophisticated. To ensure your critical systems are protected, you must establish a business continuity management plan (BCMP). 

Business continuity planning is developing systems of prevention and recovery to protect an organization from potential threats. It's the framework for establishing organizational resilience and preparedness; business continuity planning aims to ensure continued operations before, during, and after an incident.

  • Identify and prioritize business processes to define the plan(s) you require; conduct a risk assessment to identify and quantify threats.
  • Define your business continuity strategy and develop a plan.
  • Maintain the program - update risk assessments, business impact analyses, and plans; ensure awareness and validate plans with regular exercises.

Business Continuity Plans Help Keep You Running in the Event of a Cyberattack

Business continuity plans (BCP) are an essential step toward ensuring your organization's ability to recover from a cyberattack. A BCP defines how a company will maintain operations during an interruption. A robust BCP aims to keep a company's core processes operational during a disaster and minimize downtime. A business continuity plan may consider various scenarios, including natural disasters, wildfires, cyberattacks, workplace violence, and isolated incidents.

Three Strategies To Mitigate Healthcare Cyberattacks

Three key strategies can help keep you running in the event of a cyberattack:

Emergency notifications

Emergency notification systems are indispensable when responding to a disaster and restoring operations after a disruption. Part of these plans should include alerting employees about security incidents so they know how best to proceed until IT personnel can get things back up and running. 

For instance, the repercussions could be severe if a cyberattack occurred in an office where employees lacked the necessary training and did not immediately report the incident. It would be impossible to maintain business continuity, and the organization could suffer significant property, asset, and resource loss.

Disaster recovery as a service (DRaaS)

If your company relies heavily on technology, purchasing additional backup data storage services from external providers might be wise in case something goes wrong at your office location(s). 

Business Continuity Plans Are Critical for Hospitals

With the rise of ransomware and other cyberattacks, it's more important than ever for hospitals to have a business continuity plan in place. BCPs help an organization continue operations after a disaster or other disruptive event. However, according to research commissioned by IBM and Ponemon Institute, only 43% of healthcare organizations surveyed had documented business continuity plans, putting them at risk of experiencing significant downtime.

When you think about your own healthcare experience as a patient, you probably want:

  • A hospital that is free from infection
  • A hospital with competent employees who know how to care for you
  • A hospital that will be able to ensure your privacy

A business continuity plan helps ensure these things are possible during an emergency like a cyberattack.


The healthcare industry is being hit hard by cyberattacks, but there are ways to protect your organization. Developing a business continuity and recovery strategy is a strong first step, but testing that plan is critical to your recovery success. Need help getting started? Agility Recovery is here to help

Cybersecurity Checklist

Check for signs that may lead to a data breach or a cyberattack at your organization.