The article discusses the growing threat of ransomware attacks on healthcare providers and their impacts on patient safety and care delivery. A recent attack on Manchester Memorial Hospital and 16 other hospitals within Prospect Medical Holdings health system in the US resulted in a six-week disruption of services, including emergency care and elective surgeries, and culminated in the theft and sale of 1.3 terabytes of patient data on the dark web. The authors suggest that to mitigate such threats, hospitals and policymakers need to invest in cybersecurity, consider insurance market reforms, and design incident response protocols that prioritize patient safety.
Understanding the Impact of Ransomware Attacks on Healthcare Systems
Manchester Memorial Hospital, Connecticut, became a victim of a ransomware attack in early August. The incident led to emergency patients being redirected, canceled surgeries, and no access to vital imaging equipment. The clinical staff found themselves relying on pen and paper as electronic health records became inaccessible. It took six weeks for the hospital to recover fully.
The attack didn’t just affect this hospital. The same ransomware led to disruptions across 16 hospitals and other healthcare facilities within the Prospect Medical Holdings health system. Rhysida, the ransomware perpetrator, advertised 1.3 terabytes of stolen patient data for sale on the dark web at an asking price of 50 Bitcoin (~$1.3 million).
Risks of Cyberattacks in Healthcare
Research indicates that healthcare providers are increasingly vulnerable to cyberattacks such as ransomware. These attacks disrupt operations and endanger patient safety, prompting the need to gauge their potential damage.
Healthcare is a tempting target for hackers due to its complex network of electronic systems, distracted users, and critical life-or-death situations. Ransomware attacks can often force providers to choose between paying the ransom and risking patient safety.
Measuring the Impact of Ransomware Attacks on Patient Care
A recent study revealed the devastating impact of ransomware attacks on hospital operations. It found that patient volume drops by about 20% during the first week of an attack, with revenue decreases matching or exceeding this figure. Hospitals end up treating fewer patients and providing less care, especially imaging and testing services, during these attacks.
Ransomware attacks can directly harm patients. Without access to electronic health records, care teams may be unaware of patient medications or allergies. Treatment delays may occur when lab results need to be hand-delivered, and without electronic monitoring, staff may find it hard to monitor patients without being physically present in the room.
Implications of Ransomware Attacks on Health Outcomes
Our studies reveal an increase in in-hospital mortality rates during ransomware attacks. From 2016 to 2021, we estimate that ransomware attacks resulted in the deaths of between 42 and 67 Medicare patients. The actual figure, however, could be higher when considering patients with other types of health insurance.
Ripple Effects of Ransomware Attacks on Healthcare Systems
When assessing the impact of ransomware attacks, it’s crucial to consider the broader healthcare system. Attacks not only impact the targeted hospital but also nearby hospitals and patients. For example, a hospital under attack may divert ambulances to other facilities, potentially causing overcrowding.
Cybersecurity Improvements and Response Protocols
As we quantify the implications of ransomware attacks, two priorities emerge from our research. First, we need to prevent cyberattacks. This means investing in cybersecurity efforts, incentivizing evidence-based cybersecurity recommendations, and considering longer-term changes like workforce investments.
Second, since cyberattacks are likely to continue, we need to design incident response protocols to ensure patient safety. More severe ransomware attacks are more harmful to patients. Therefore, if we can reduce the disruptions caused by these attacks, we can save lives. This requires careful planning at hospital, local community, and overall health system levels.