Global Edition
Privacy & Security

Half of ransomware attacks have disrupted healthcare delivery, JAMA report finds

The frequency of cyberattacks on hospitals and health systems more than doubled from 2016 to 2021, say researchers, and the incidents have exposed the protected health information of nearly 42 million patients.
By Andrea Fox
January 10, 2023
11:06 AM

Photo by: Science Photo Library/Getty Images

Led by University of Minnesota Public Health researchers, the Trends in Ransomware Attacks on U.S. Hospitals, Clinics and Other Health Care Delivery Organizations study quantified the frequency and characteristics of ransomware attacks on the healthcare sector from 2016 to 2021.

WHY IT MATTERS

Ransomware groups are generally aggressive on critical infrastructure like energy, healthcare and government. And the increasing frequency and severity of ransomware attacks on hospitals and healthcare organizations can disrupt operations and patient access for weeks or even months.

The risks of being hit conflate a number of issues – loss of access to critical health data, the high costs of responding to and preventing cyberattacks and threats to patient safety – that have largely shifted focus to the defense of healthcare infrastructure.

For the study, the public health researchers looked at the date of ransomware attacks, public reporting, personal health information exposure, the status of encrypted/stolen data following the attack, the type of healthcare delivery organization affected and operational disruption during an attack.

Some of the key findings are:

  • From 2016 to 2021, the annual number of ransomware attacks more than doubled from 43 to 91.
  • Almost half, or 44.4% of the cohort, disrupted the delivery of healthcare.
  • Thirty-two attacks, or 8.6% of the cohort, led to operations disruptions of more than two weeks.
  • Approximately one in five (20.6%) of healthcare organizations reported being able to restore data from backups.

Common disruptions included electronic system downtime, 41.7%, cancellations of scheduled care, 10.2%, and ambulance diversion 4.3%. 

Data exposure following an incident is a key concern for ransomware victims as hospitals and healthcare systems are required under HIPAA to protect patient data. 

The cohort incidents exposed the PHI of more patients, say researchers.

"For 59 ransomware attacks (15.8%), there was evidence that ransomware actors had made some or all of the stolen PHI public, typically by posting it on dark web forums where stolen data are advertised for sale by including a subset of records," according to the JAMA abstract.

Researchers noted they found growing lags in reporting ransomware incidents over the study period, with one in five attacks not present in the U.S. Department of Health & Human Services Office for Civil Rights database.

As a result, "many of the statistics reported in this article are likely underestimates due to underreporting," they said. 

The absence may be due to low PHI exposure, under guidance from HHS that states HIPAA-covered entities and their business associates do not need to report incidents if they demonstrate a low probability that PHI has been exposed.

THE LARGER TREND

The university researchers said that ransomware increasingly affected large organizations with multiple facilities during the study period. 

However, cybersecurity experts have said that more recently cybercriminals know that larger organizations are spending more on cybersecurity protections and are looking at smaller organizations with smaller budgets that are more vulnerable to their exploits.

In June 2022, Sophos found that ransomware attacks on healthcare entities doubled from 2020 to 2021 in a poll of more than 5,000 IT professionals.

"Healthcare saw the highest increase in volume of cyber attacks (69%) as well as the complexity of cyber attacks (67%) compared to the cross-sector average of 57% and 59% respectively," the Sophos researchers said.

"In terms of the impact of these cyber attacks, healthcare was the second most affected sector (59%) compared to the global average of 53%."

ON THE RECORD

"This cohort study of ransomware attacks documented growth in their frequency and sophistication," the researchers said in the study report. 

"Ransomware attacks disrupt care delivery and jeopardize information integrity. Current monitoring/reporting efforts provide limited information and could be expanded to potentially yield a more complete view of how this growing form of cybercrime affects the delivery of healthcare."

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS publication.

Topics: 
Compliance & Legal, Population Health, Privacy & Security

More regional news

HIMSSCast podcast

HIMSSCast: New analytics strategies for patient-centric pop health

By
Mike Miliard
April 19, 2024
Penn Medicine's Perelman Center for Advanced Medicine

Conversational AI improves 'fourth trimester' maternal care at Penn Medicine

By
Bill Siwicki
April 19, 2024
Close-up of doctor lookin at data on a tablet

Doctors are getting on board with genAI, survey shows

By
Andrea Fox
April 19, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Penn Medicine's Perelman Center for Advanced Medicine
Success Stories & ROI
Conversational AI improves 'fourth trimester' maternal care at Penn Medicine

Most Read

FDA approves sleep apnea tech from EnsoData, Samsung
Ukrainian man pleads guilty to 2020 UVM cyberattack
DOJ, international partners seize LockBit servers, provide decryptors
ChristianaCare to expand medication adherence program
Change Healthcare experiencing a cyberattack
25m Health taps Clearwater for scalable cyber compliance program

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Artificial Intelligence
Analytics
Analytics

Video

Dr. Donald Warne at the Center for Indigenous Health at Johns Hopkins_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Indigenous communities need to be engaged with healthcare choices
Naomi Escoffery at the Defense Health Agency_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
DoD health systems take a proactive approach to digitization
Dr. Emily C. Webber at Indiana University Health_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How text messaging can help improve health equity
Tony Black at Kyndryl_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Hospitals must start business continuity planning

More Stories

Wagner Amaral, growth markets health industry lead at Avanade
Enhance collaboration and productivity while securing digital assets
Marina El Khawand at Medonations_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
From scout service to crowdsourcing relief
motherboard with lock in blue light representing cybersecurity
Healthcare still underprepared for scope of cyber threats, says Kroll report
Andy Chu of Providence on tech spinoff
Tech spinoff enables Providence to go from building three new app features a year to 40
Close-up on handshake of two people in suits.
Salesforce may be in talks to buy Informatica
Fragmented data is a barrier to improved cancer treatment goals
Consolidated radiology and pathology data brings precision to cancer care
Patricia MacTaggart at George Washington University_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
AI policy can benefit from past technology rollout lessons
Two information workers with abstract of data
10 tips to avoid planting AI time bombs in your organization