Cybersecurity threats where hackers encrypt computer networks and demand payment for their restoration can have devastating consequences - not just for the targeted hospitals, but for the broader healthcare industry surrounding them.
What happened
A recent study titled, “Ransomware Attacks, ED Visits and Inpatient Admissions in Targeted and Nearby Hospitals” has shown the far-reaching impact of ransomware attacks, revealing how they can disrupt healthcare service delivery, strain nearby facilities' resources, and ultimately jeopardize patient outcomes across an entire region.
Going deeper
The rise of ransomware attacks in healthcare
The healthcare sector has become a prime target for ransomware attacks, with the frequency and sophistication of these incidents increasing in recent years. According to a study published in JAMA Health Forum, ransomware attacks on US hospitals, clinics, and other healthcare delivery organizations doubled between 2016 and 2021, affecting the health information of nearly 42 million patients.
Researchers attribute this surge in part to the COVID-19 pandemic, which placed strain on healthcare systems and exposed vulnerabilities in their digital infrastructure. Cybercriminals have capitalized on these weaknesses, recognizing the imperativeness of uninterrupted medical services and the potential for lucrative payouts from desperate institutions.
The ripple effect on nearby hospitals
One of the most concerning findings from recent research is how ransomware attacks on individual hospitals can have a ripple effect on nearby, unaffected healthcare facilities. For example, a study published in JAMA Network Open found that hospitals adjacent to those targeted by ransomware attacks may experience increases in patient census and resource constraints, affecting their ability to provide timely, high-quality care.
The researchers observed that when a ransomware attack hits a hospital, the nearby facilities often see a surge in emergency department visits and inpatient admissions, as patients seek alternative care options. This influx of patients can quickly overwhelm the resources and staffing of these unattacked hospitals, leading to longer wait times, delayed treatments, and potential complications for time-sensitive conditions such as acute stroke.
The lasting impact on patient care
The disruptions caused by ransomware attacks can have consequences for patient care, both in the immediate aftermath and in the long term. Studies have shown that it can take targeted hospitals up to 8 weeks to return to their pre-attack levels of emergency department visits and inpatient admissions, during which time patients may face delays in accessing essential medical services.
Furthermore, the financial and operational strain of recovering from a ransomware attack can have lasting effects on a healthcare system's ability to invest in new technologies, maintain staffing levels, and provide complete care. This can ultimately lead to poorer health outcomes for patients, particularly those with chronic or complex conditions that require consistent, high-quality treatment.
In the know
The threat of ransomware attacks is only expected to grow more severe. Cybercriminals are constantly developing new and more sophisticated methods of infiltrating computer systems, making it increasingly challenging for healthcare organizations to stay ahead of the curve.
Recent high-profile incidents, such as the ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, have proven the scale and sophistication of these attacks. In the Change Healthcare case, the hackers demanded a $22 million ransom, showing the potentially devastating financial consequences for targeted institutions.
Farah Amod
