Ransomware attacks on health care organizations are on the rise, both in frequency and sophistication, according to a new study published in JAMA Health Forum. These dangerous disruptions may threaten patient safety and outcomes, the study finds.
As health care organizations have increased their reliance on health information technology, they have also augmented their exposure to cybersecurity threats such as ransomware, malicious software that inhibits user access to electronic systems until a ransom is paid. While some high-profile ransomware attacks on health care systems have garnered media attention, the investigators noted that there is currently no systemic documentation pertaining to the impact of ransomware attacks.
In this study, researchers assessed ransomware attacks using data from the Tracking Healthcare Ransomware Events and Traits database from 2016 to 2021. The main outcomes of interest were defined as: date of ransomware attack, public reporting of ransomware attacks, personal health information (PHI) exposure, status of encrypted/stolen data following the attack, type of health care delivery organization affected, and operational disruption during the ransomware attack.
A Major Problem Found
According to the results, there were 374 ransomware attacks on US health care delivery organizations between 2016 and 2021, which exposed the PHI of almost 42 million patients. Alarmingly, the study found that over that time period, the annual number of ransomware attacks more than doubled from 43 to 91. Moreover, the study found that almost half (44%) of ransomware attacks disrupted health care delivery. Common disruptions included electronic system downtime, appointment cancellations, and ambulance diversion. Perhaps more troublingly, the findings showed that ransomware attacks on health care delivery organizations increasingly affected large organizations with multiple facilities, exposed the PHI of more patients, were less likely to be restored from data backups, and were more likely to exceed mandatory reporting timelines.
“This cohort study of ransomware attacks documented growth in their frequency and sophistication. Ransomware attacks disrupt care delivery and jeopardize information integrity,” the researchers concluded. “Current monitoring/reporting efforts provide limited information and could be expanded to potentially yield a more complete view of how this growing form of cybercrime affects the delivery of health care.”