Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Health care providers face mounting danger from ransomware attacks

January 4, 2023

Article

Care delivery, patient health information put at risk from growth in cybercrime

Ransomware attacks pose a growing threat to health care providers, a new study finds, with consequences ranging from exposed patient data to disabled electronic health record (EHR) systems to ambulance diversions and canceled surgeries.

The study’s authors examined the number and characteristics of ransomware attacks on clinics, hospitals, and other types of health care delivery organizations from 2016 through 2021. They created a database for the study by combining information from a cybersecurity threat intelligence company and the Office of Civil Rights at the U.S. Department of Health and Human Services. The latter is responsible for collecting information on data breaches that involved protected health information (PHI).

From their data, the researchers were able to document 374 ransomware attacks during the period, with the annual number increasing from 43 to 91. PHI exposure grew from approximately 1.3 million to more than 16.5 million individuals, with an overall total of nearly 42 million during the period.

In addition, the authors found that as the number of ransomware attacks grew, so too did the likelihood that some or all the stolen PHI would be made public. That was the case in 14% of attacks in 2016, compared to 22% of attacks in 2021. At the same time, the number of ransomware targets restoring encrypted or stolen data was diminishing, from 35% in 2016 to 14.4% in 2021.

Health care clinics were the most frequent targets, accounting for about 58% of attacks during the period. That was followed by hospitals (22%), ambulatory surgical centers (15%), and mental/behavioral health, dental and post-acute care providers.

In terms of the consequences ransomware attacks posed for care delivery, the most frequent was disruption to EHR systems, often causing providers to switch to paper charts. Other types of disruptions included ambulance diversions and canceled patient appointments.

The authors suggest that legislation requiring disclosure of more information surrounding ransomware attacks, such as ransom demand amounts and whether the ransom was paid, could help targets of such attacks decide how to respond. They note that the FBI strongly discourages giving in to ransom demands on the grounds that doing so incentivizes further attacks. Moreover, there have been cases where organizations that have paid ransoms have received further demands or been given nonfunctional decryption keys. Thus, “additional ransom payment disclosure requirements would enable a better understanding of the potential tradeoff between financial cost and operational disruption duration.”

The study, “Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021” was published online December 29, 2022 on JAMA Health Forum.