April 30, 2025

As healthcare faces skyrocketing cyberattacks, surgeons are urged to lead frontline defense

Editor’s Note

Healthcare organizations are hemorrhaging millions to cybercrime and turning to medical staff as unlikely but indispensable defenders in the face of this growing threat. As detailed in a Cyber Security News April 29 article, healthcare remains the most expensive industry for data breaches, with the average cost reaching $9.77 million in 2024. Ransomware attacks are even more costly, averaging $10.93 million per incident, while ransom payments soared to $2.03 million. The financial toll is worsened by legal consequences: 41% of breaches led to class-action lawsuits, with settlements reportedly averaging $2.1 million.

Then there is the non-monetary fallout, as cyberattacks often result in data theft, disruption of hospital operations, delayed treatments, and more. According to the American College of Surgeons (ACS) in an April 9 bulletin, attacks have impacted hospital systems, clinics, insurers, and blood banks. In one cited example, the July 2024 ransomware attack on a major blood bank in south Florida triggered a regional blood supply crisis and forced the cancellation of surgical procedures across community hospitals. A trauma surgeon from the University of Miami recounted how the inability to label blood products—caused by software failure during the attack—created a 3-day emergency, prompting new transfusion protocols.

Greg Young, a cybersecurity executive quoted in the bulletin, emphasizes that while ransom is the primary motive behind many attacks, the broader damage includes reputational harm, lawsuits, and destabilized leadership. The article cited a 2024 survey showing that 21% of hospitals hit by cyberattacks underwent senior leadership changes—most often affecting IT leaders—compared to 13% across other industries. These turnovers, in which leaders are often unjustly blamed, result in the loss of institutional knowledge critical to maintaining cybersecurity resilience.

ACS makes a clear call to action: surgeons, as influential leaders in healthcare organizations, must advocate for and model strong cybersecurity practices. Their visibility and authority within hospitals position them to influence both culture and compliance, especially in settings where staff might otherwise view cybersecurity as outside their domain.

More than 80% of healthcare organizations reported cyberattacks in 2024, the bulletin noted. These incidents show the need to engage clinical leaders in cybersecurity planning and preparedness. In this climate, the surgeon’s role extends beyond the OR, and advocating for digital safety is now part of the mandate to protect patients, ACS concludes.
