Tenet Healthcare has not appeared on the HIPAA Breach Reporting Tool, which lists companies who’ve suffered breaches that affected the protected health information of more than 500 people. Given prompt notification of the breach, this likely indicates that the disruption due to the breach was primarily operational and did not involve the protected health information of large numbers of Tenet patients.

Having proper backups in place was a major help in reducing the impact of this incident. Only a subset of hospitals was affected by the breach, due to segmentation of networks across business units. Without those measures in place, operations would not have been restored so quickly and the disruption may have spread across additional business units; the potential loss may have been far higher, as Tenet’s revenue in 2021 was $4.85 billion.

While Tenet has cyber insurance coverage and has stated to investors that they are confident they will be recouping the majority of their losses, the likelihood of recouping the entire $100 million in losses is very slim. Cyber insurance remains a useful remediation tool, but has increasingly limited coverage as ransomware and other threats continue to proliferate. Moreover, cyber insurance is increasingly difficult to acquire or renew, and coverage limits are trending to become substantially smaller than Tenet’s current reimbursements of $5 million.

https://www.databreachtoday.com/cyber-incident-cost-100-million-tenet-healthcare-reports-a-19643