Ransomware Attacks on Health Care Delivery Organizations are Increasing
Research suggests ransomware attacks against healthcare delivery companies are becoming more frequent and sophisticated, putting patient safety and outcomes at risk.
As healthcare organizations have become increasingly dependent on health information technology, new cybersecurity issues, such as ransomware attacks, have surfaced. Increasingly, these breaches are attributed to external sources (such as hacking) rather than internal incompetence or misconduct (e.g., misplaced laptops or inappropriately accessed data).
Ransomware is a kind of malicious software that prevents users from accessing electronic systems until a ransom is paid. As health care organizations' dependence on health information technology has grown, so has their susceptibility to cybersecurity risks such as ransomware. The investigators pointed out that, although several high-profile ransomware attacks on health care systems have gained public attention, there is presently no systematic record of the effect these attacks have had. While most data breaches attempt to steal information, ransomware is designed to disrupt operations so that the target organization is forced to pay the ransom.
Reports indicate that ransomware attacks significantly disrupt care delivery: disabled computers and encrypted electronic health records, clinicians forced to document care using pen and paper, postponed appointments and canceled surgeries, ambulances rerouted by emergency departments, and practice infrastructure so severely damaged that some practices have chosen to close rather than attempt to restore systems.
Some have hypothesized that ransomware attacks on healthcare delivery organizations may impose a human cost in addition to a monetary one by putting patient safety and outcomes at risk.
According to the new study's findings, the number of ransomware attacks on hospitals, clinics, and other care delivery organizations in the United States more than quadrupled between 2016 and 2021, going from 43 to 91 annually. Because of the security failures, the private medical information of about 42 million patients was exposed.
The findings were published in JAMA Health Forum and contain information on 374 attacks that occurred nationwide. Researchers observed that attacks exposed larger volumes of personal health data over the five years that were analyzed, and they found that attacks grew more likely to target large organizations with many facilities.
When healthcare organizations are attacked, ransomware poses a significant risk to patient outcomes as well as a major cybersecurity risk. Ransomware can prevent users from accessing electronic systems, with the perpetrators demanding a ransom in exchange for restoring access. According to the authors, in contrast to the goals of past data breaches, the purpose of these attacks is not to steal data but to disrupt operations.
When the computer system of a healthcare delivery organization goes down, scheduled operations or appointments may be postponed or canceled. According to the researchers, emergency departments may also be compelled to reroute ambulances, putting patient safety and outcomes at risk.
Several government authorities issued warnings about the surge in attacks during the COVID-19 pandemic, when healthcare systems were already under pressure from historically high demand.
Nearly half of all the attacks analyzed for this research caused disruptions in patient care, and over the course of the study period it became less likely that data could be recovered from backups.
From 2016 to 2021, the number of individuals whose personal health information was compromised as a result of attacks climbed by more than 11 times, going from 1.3 million to more than 16.5 million.
There was evidence that the perpetrators made some or all of the health information public in approximately 16 percent of the attacks. "Typically, they did this by posting it on dark web forums where stolen data are advertised for sale by including a subset of records," the study's authors explained.
Clinics were the most prevalent target. The majority of the attacks were directed at clinics, followed by hospitals, other delivery facilities, ambulatory surgery centers, and mental and behavioral health institutions. Dental offices and companies that provide post-acute care were also among the targets.
A little less than nine percent of attacks resulted in disruptions that lasted more than two weeks.
The researchers warned that the reported totals are probably lower than the actual number of incidents because of underreporting.
According to the study, certain vulnerable or underfunded organizations may not have the time or resources necessary to follow current cybersecurity guidance when defending themselves against attacks. The authors found that more research is needed to address this risk and to encourage greater investment in the information technology budgets of health systems.
“This cohort study of ransomware attacks documented growth in their frequency and sophistication. Ransomware attacks disrupt care delivery and jeopardize information integrity,” the researchers concluded. “Current monitoring/reporting efforts provide limited information and could be expanded to potentially yield a more complete view of how this growing form of cybercrime affects the delivery of health care.”