stock.adobe.com

Tenet Healthcare Cyberattack Leads to $100M in Lost Q2 Revenue

Tenet Healthcare suffered a cyberattack that had an “unfavorable impact” of approximately $100 million, its Q2 earnings report stated.

In its Q2 earnings report, Tenet Healthcare reported an “unfavorable impact” of approximately $100 million as a result of an April cyberattack. Tenet Healthcare is a large healthcare company based in Dallas, Texas that consists of 60 hospitals, 465 ambulatory surgery centers, and 110 additional outpatient centers.

As previously reported, Tenet Healthcare suffered a cyberattack that resulted in significant IT outages. According to an April 26 notice, Tenet “immediately suspended user access to impacted information technology applications, executed extensive cybersecurity protection protocols, and quickly took steps to restrict further unauthorized activity.”

The earnings report shed additional light on the cybersecurity incident, explaining that the company’s hospitals remained operational and continued to deliver effective patient care, “utilizing well-established back-up processes.”

Tenet is now fully recovered from the cybersecurity incident, but its Q2 earnings report showed that the incident took a financial toll on the organization.

Along with an unfavorable impact of approximately $100 million to adjusted EBITDA (earnings before interest, taxes, depreciation, and amortization), the company’s net operating revenues experienced a decline of 11 percent compared to Q2 2021. The decline was partially attributed to the cyberattack, but also to the sale of Tenet’s Miami-area hospitals in Q2 2021.

“Same-hospital net patient service revenue per adjusted admission decreased 0.2 percent year-over-year for Q2’22 primarily due to the unfavorable impact of the cybersecurity incident, partially offset by improved pricing yield,” the report continued.

Despite these losses, the costs of recovery for Tenet Healthcare were comparable to those of other cyberattacks suffered by large healthcare organizations. For example, Scripps Health incurred approximately $112.7 million in losses after a May 2021 cyberattack disrupted its operations.

“We had another strong quarter and are reaffirming our 2022 Adjusted EBITDA Outlook,” Saum Sutaria, CEO of Tenet Healthcare, said in the earnings report.

“We demonstrated resilience in the face of a disruptive cyber attack and discipline through challenging market conditions.”

In addition to the existing financial losses, Tenet Healthcare and its affiliate, Baptist Health System, are currently facing a proposed class-action data breach lawsuit.

The lawsuit alleged that Tenet Healthcare was negligent and failed to implement proper technical safeguards to prevent a security incident. The plaintiff also alleged that he spent and will continue to spend a significant amount of time protecting his personal data and preventing it from being misused. However, the lawsuit did not cite any actual misuse of the plaintiff’s data.

Next Steps

Dig Deeper on Cybersecurity strategies