Ransomware attacks more than doubled between 2015 and 2021, with large, multi-facility organizations being the hardest hit.
The healthcare sector is facing an alarming increase in ransomware attacks, with profound implications for patient safety and the overall functioning of healthcare delivery organizations. This analysis provides comprehensive information on the nature of ransomware, its impact on healthcare systems, and the preventive measures that can be taken to mitigate the risk. The information presented is based on recent studies and expert opinions, highlighting the urgent need for coordinated action.
- 70% of respondents in the 2020 HIMSS Cybersecurity Survey reported a major security breach in the past year, with 20% experiencing ransomware.
- Ransomware attacks disrupt healthcare operations, leading to delays in surgeries, rerouting of ambulances, and sometimes irreparable damage.
- The first tragedy linked to ransomware was the death of a baby with severe brain damage at a hospital that was under attack at the time.
- UCSD researchers found that ransomware attacks are associated with greater disruptions to regional hospitals and should be treated as disasters.
- Experts recommend making cyberattack prevention a national priority, collecting better data, investing in emergency operation plans, and increasing vigilance against phishing.
- The COVID-19 pandemic coincided with a rise in ransomware attacks, though no systematic accounting of their extent and impact exists.
- Stroke care was found to be particularly affected due to its time-sensitive and technology-driven nature.
- Some legislative proposals include mandating disclosure of ransom demands and potentially banning the payment of ransoms.
- The escalating threat of ransomware in healthcare requires immediate and coordinated efforts across all levels of the healthcare system. Clinicians must be vigilant and actively participate in prevention efforts, while legislative and organizational measures must be strengthened.
“The FBI strongly recommends that businesses not acquiesce to ransom demands in the event of a ransomware [attack], since complying with ransom demands incentivizes ransomware actors to continue targeting health care organizations.”
– Authors of the JAMA Health Forum Cohort Study