The February cyberattack on Tallahassee (Fla.) Memorial HealthCare will be "credit negative" for the health system, Moody's said in a Feb. 27 report.
"The attack on TMH underscores the importance of strong cybersecurity as cyberattacks can have an adverse financial effect on healthcare organizations," the report said, pointing to the $150 million hit Chicago-based CommonSpirit Health took from a ransomware attack last year.
The authors noted that the event is considered "credit negative" despite Tallahassee Memorial getting its systems back online in 13 days and saying it did not impact patient care.
"Costs related to forensic efforts to identify a cyberattack's point of entry, increased system monitoring and equipment replacement are all common examples of cyberattack-related expenses," the report said. "Health systems may also incur revenue losses as a result of lost patient volume during attacks. And health systems may also feel a need to buy or spend more on cyber insurance, which is increasingly expensive.
"Over time, attacks can lead to added regulatory scrutiny, litigation (particularly if patient information is compromised), and a need to boost investment in securing digital systems."