Cynerio and Ponemon Study Finds Frequent Cyber Attacks and Insufficient Accountability in Healthcare Notably Impact Patient Care

Survey reveals that almost half of hospitals have been attacked with ransomware, and that 76% of victimized hospitals were attacked 3 or more times.
Zachary Weiner
Aug 3, 2022
Press Releases

NEW YORK, New York., August 3rd, 2022 - Cynerio, the leading provider of healthcare IoT cybersecurity, today released a report conducted in partnership with the Ponemon Institute that examines the current impacts of cyberattacks on healthcare facilities and network-connected IoT and medical devices. The report details multiple alarming trends including widespread and repeated attacks, financial losses measured in the millions, and frequent failures to take basic cybersecurity measures.

The Insecurity of Connected Devices in HealthCare 2022 Report surveyed experts in leadership positions at 517 healthcare systems throughout the United States. Key findings include:

Cyberattacks Are Frequent, Recurring, and Adversely Impact Patient Care

56% of respondents stated their organizations experienced one or more cyberattacks in the past 24 months involving IoMT/IoT devices. Among those, 58% averaged 9 or more cyberattacks during that time.

45% of these respondents report adverse impacts on patient care, and 53% percent of those report adverse impacts resulting in increased mortality rates.

Perceived Risk in IoT/ IoMT Devices Is High, but Proactive Security Actions and Accountability Are Not

71% of respondents rated the security risks presented by IoT/IoMT devices as high or very high, while only 21% report a mature stage of proactive security actions.

Of the 46% who performed well-known and accepted procedures such as scanning for devices, only 33% of these respondents keep an inventory of the devices that were discovered.

Ransomware Is a Vicious, Profitable Cycle

47% of those experiencing an attack resulted in a ransom being paid. 32% of the ransoms paid fell in the range of $250k - $500k.

“It’s clear that cyberattackers have increasingly focused their efforts on hospitals since 2020," said Chad Holmes, Security Evangelist at Cynerio. "What had been unclear was the frequency and resulting damage of their attacks. By teaming with Ponemon Institute, we have been able to collect feedback from hundreds of hospitals and present a clear picture of the issues they’re facing, both in terms of financial losses and impact to patient care. Ultimately, our aim for this data is to inform and expedite improved cybersecurity funding, training, and policy creation for all healthcare providers.”

The report further details a range of financial impacts, attack types, and detailed sentiments surrounding investments made towards IoT/IoMT security.

"Until recently, the wide scale of cyberattacks on healthcare systems was difficult to measure and typically spoken of anecdotally," said Larry Ponemon, founder and chairman of the Ponemon Institute. "Our team at Ponemon Institute is proudly pioneering research with organizations like Cynerio to better define the risks hospitals and their patients confront. We hope this report enables healthcare leaders, policymakers and device manufacturers to more effectively address the cybersecurity threats they encounter."

To view the full report and download the complete findings, click here.

About Ponemon institute

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. Ponemon Institute upholds strict data confidentiality, privacy and ethical research standards, and does not collect any personally identifiable information from individuals (or company identifiable information in business research). Furthermore, strict quality standards ensure that subjects are not asked extraneous, irrelevant or improper questions. To learn more visit

About Cynerio

Cynerio is the one-stop shop Healthcare IoT security platform. With solutions that cater to healthcare’s every IoT need – from Enterprise IoT to OT and IoMT – we promote cross-organizational alignment and provide hospitals the control, foresight, and adaptability they require to stay cyber-secure in a constantly evolving threatscape. We empower healthcare organizations to stay compliant and proactively manage every connection on their own terms with real-time IoT attack detection and response and rapid risk reduction tools, so that they can focus on healthcare’s top priority: delivering quality patient care. Learn more about Cynerio at or follow us on Twitter @cynerio and LinkedIn.

Keep your finger on the pulse of Healthcare IoT security

Get Your Free Pass to HIMSS21

August 9 -13, Las Vegas

HOW? Easy! If you are a Healthcare IT Executive and you book a 30-minute call with us before July 30th, you get a free pass (valued at $1295)

Book a Call

*Please note that there is limited pass availability