Between 2016 and 2021, ransomware attacks on healthcare organisations more than doubled, compromising the personal information of tens of millions of patients and perhaps risking their care.
Researchers report in the journal JAMA Health Forum that 374 ransomware attacks were launched against clinics, hospitals, dental offices, diagnostic laboratories, emergency medical services, and other health care delivery organizations between 2016 and 2021. This is thought to be the first census of such attacks. The annual number of attacks increased throughout that time from 43 to 91. The hacks made roughly 42 million patients’ private health information available.
Researchers from the University of Minnesota and Beth A. Virnig, Ph.D., M.P.H., dean of the University of Florida College of Public Health and Health Professions, who moved to UF from the University of Minnesota last year, worked together to perform the study.
Ransomware assaults incorporate software into organizations’ electronic systems that is aimed to obstruct operations until payment demands are met, unlike other data breaches that might just be intended to steal data.
“Like all health care organizations, the threat of ransomware attacks is one of our biggest security concerns”, “The finding that these attacks are becoming more frequent and more complex is particularly worrisome.”
David R. Nelson, M.D., senior vice president for health affairs at UF and president of UF Health
According to a recent study, the delivery of healthcare was impacted by nearly half of ransomware assaults throughout the study period. These interruptions caused computerised systems to go offline, which frequently forced healthcare professionals to use pen and paper charts, postpone appointments, and reroute ambulances away from hospital emergency rooms. Ransomware assaults on healthcare organisations are classified as threat to life crimes by the American Hospital Association due to the dangers they represent to patient care.
Additionally, the researchers discovered that ransomware assaults on healthcare organizations grew more complex. Organizations have a decreasing likelihood of being able to restore data from backup systems with time. In addition, attacks on firms with many facilities grew and patient data theft became more likely to become public.
For the study, researchers developed a data source called Tracking Healthcare Ransomware Events and Traits, or THREAT, which combines information from the cybersecurity firm HackNotice with information from the Office of Civil Rights Data Breach Portal of the U.S. Department of Health and Human Services. Searches of local news articles, public disclosures, and press coverage in the health care industry provided further information. Despite thorough investigation, the authors claim that underreporting causes the frequency of ransomware attacks in the healthcare industry to be overestimated.
“Information security practices such as two-factor identification and mandatory trainings may seem like an inconvenience for those of us who work in health systems, but those practices are a relatively small burden when we look at the very serious impact ransomware attacks can have on the ability to safely and effectively care for patients.”
Beth A.Virnig, Ph.D., M.P.H., dean of the University of Florida College of Public Health and Health Professions, who joined UF last year from the University of Minnesota.