Tenet Healthcare lost $100 million in earnings and mitigation expenses due to a cyberattack and data breach that occurred in Q2 of 2022. Tenet Healthcare located in Dallas, TX is one of the largest healthcare firms in the U.S., managing 65 hospitals and around 450 healthcare facilities throughout the United States through its brands and subsidiaries. In April 2022, Tenet experienced a cyberattack that caused considerable disruption to its IT services and acute care operations for a couple of weeks. The attack forced the staff to work making use of pen and paper all through the recovery stage, and one affected hospital had to temporarily reroute ambulances to another hospital. The incident furthermore interrupted its telephone system, therefore physicians had to leave the hospital to make phone calls. The cyberattack began on April 20, 2022 and affected a minimum of two hospitals. Tenet failed to provide the public with any information on the attack such as whether ransomware was involved.
According to Tenet’s Q2 2022 income report, the attack seems to have a $100 million unfavorable EBITDA (income before interest, amortization, taxes,
and depreciation) effect. Tweaked admissions decreased by 5.3% year-over-year, as total admissions decreased by 8% from Q2 of 2021, and same-hospital net patient service revenue fell 0.2% due to the cyberattack. In the quarter, Tenet got reduced earnings by 68% compared to Q1 of 2021, which slipped to $38 million, and its operating revenue slipped by 6.4% to $4.6 million for the quarter. The cyber attack was additionally partly the explanation for a 2.8-day increase in its outstanding accounts receivable.
CEO Saum Sutaria of Tenet stated that impacted hospitals’ IT systems needed to be totally recreated, and even though the cyberattack had a substantial business and financial impact, Tenet still have a good quarter. Sutaria explained this company obtained sufficient cybersecurity insurance protection which served to reduce the financial impact of the cyberattack. Its insurance policy paid for $5 million in Q2, 2022. Tenet paid a substantial price as a result of the attack, nevertheless, it is comparable to other cyberattacks such as the Scripps Health ransomware attack. Five medical centers and 19 outpatient facilities were impacted, which led to $112.7 million in forfeited earnings and remediation costs.
Tenet will furthermore handle other matters such as the class action lawsuit filed in Florida last June. Purportedly, Tenet failed to employ adequate security procedures to protect against cyberattacks and failed to give satisfactory notifications to affected people. The lawsuit furthermore states that notification letters weren’t mailed to all people affected by the data breach.