How Are Cyberattacks Disrupting Healthcare Supply Chains?

Healthcare organisations are facing a growing threat from cyberattacks, with supply chain breaches emerging as the most damaging.

A recent report by Proofpoint and Ponemon Institute reveals that 92% of healthcare organisations in the US experienced a cyberattack in the past year, but it’s the supply chain attacks that are having the gravest impact on patient care.

These attacks - where hackers infiltrate third-party suppliers, disrupting the delivery of essential services or equipment - are particularly harmful because they create widespread ripple effects across the healthcare sector.

Among the organisations that experienced a supply chain attack, a shocking 82% reported significant disruptions to patient care, up from 77% the previous year.

These disruptions led to delayed procedures, missed tests and, in many cases, worsened medical outcomes.

Patient safety at risk

The consequences of these supply chain attacks are felt directly by patients.

Delays in receiving vital medical supplies or test results can mean the difference between a swift recovery and a life-threatening situation.

In some cases, the impact has been fatal. Of the healthcare organisations hit by cyberattacks, 28% reported an increase in patient mortality - up by 5% compared to last year.

This alarming statistic highlights the urgent need for healthcare organisations to bolster their defences, particularly when it comes to securing their supply chains.

The report also noted that other types of attacks, such as cloud compromises, ransomware and business email compromise (BEC), are prevalent, but none appear to have the same severe, direct effect on patient care as supply chain breaches.

When a supplier is compromised, the healthcare provider may lose access to critical services or products, leaving them unable to perform timely treatments or procedures.

"It is more important than ever for healthcare organisations to be aware of the threat to their security," comments Marc Haskelson, President and CEO of Compliancy Group.

"Being prepared for a healthcare breach – by becoming HIPAA compliant and implementing robust cybersecurity practices – can mean all the difference in how your organisation copes with the aftermath of an incident."

Ransomware shows some improvement

Although supply chain attacks remain a significant concern, there is some positive news on the ransomware front.

Historically considered one of the most dangerous forms of cyberattack, ransomware incidents in healthcare seem to be declining slightly in impact. This year, just over half (54%) of respondents felt vulnerable to ransomware attacks, down from 64% the year before.

Part of this change may be due to ransomware groups avoiding healthcare institutions and other critical infrastructure, as these targets often provoke law enforcement action that can lead to the dismantling of the hackers’ operations.

However, despite fewer organisations feeling vulnerable, those that do fall victim to ransomware are paying higher ransoms. The average ransom paid has jumped by 10%, now exceeding US$1m.

Healthcare organisations are making progress in securing themselves against ransomware, but supply chain attacks are proving far more difficult to manage.

Until suppliers and partners strengthen their own cybersecurity measures, healthcare providers will continue to face significant risks that threaten patient safety.

Check out the latest edition of Supply Chain Digital and sign up to our global conference series – Procurement and Supply Chain LIVE 2025. 

Supply Chain Digital is a BizClik brand.