Tenet Healthcare, whose operations span over 36 states, has officially disclosed a cyber incident with the SEC. The incident occurred in April; Tenet initially released minimal details, stating, “The Company immediately suspended user access to impacted information technology applications, executed extensive cybersecurity protection protocols, and took steps to restrict further unauthorized activity.” Information from the SEC report indicates operations at various locations were disrupted due to the incident, which caused Tenet to lose a reported $100 million dollars in their second quarter. Tenet has claimed to have been reimbursed around $5 million from their cyber insurance coverage for these losses.
Analyst Notes
Tenet Healthcare has not appeared on the HIPAA Breach Reporting Tool, which lists companies who’ve suffered breaches that affected the protected health information of more than 500 people. Given prompt notification of the breach, this likely indicates that the disruption due to the breach was primarily operational and did not involve the protected health information of large numbers of Tenet patients.
Having proper backups in place was a major help in reducing the impact of this incident. Only a subset of hospitals was affected by the breach, due to segmentation of networks across business units. Without those measures in place, operations would not have been restored so quickly and the disruption may have spread across additional business units; the potential loss may have been far higher, as Tenet’s revenue in 2021 was $4.85 billion.
While Tenet has cyber insurance coverage and has stated to investors that they are confident they will be recouping the majority of their losses, the likelihood of recouping the entire $100 million in losses is very slim. Cyber insurance remains a useful remediation tool, but has increasingly limited coverage as ransomware and other threats continue to proliferate. Moreover, cyber insurance is increasingly difficult to acquire or renew, and coverage limits are trending to become substantially smaller than Tenet’s current reimbursements of $5 million.
https://www.databreachtoday.com/cyber-incident-cost-100-million-tenet-healthcare-reports-a-19643
