Ransomware Attacks on Health Care Organizations on the Rise

Nearly twofold increase in annual number of attacks seen from 2016 to 2021, exposing information of nearly 42 million patients

By Elana Gotkine HealthDay Reporter

THURSDAY, Dec. 29, 2022 (HealthDay News) — From 2016 to 2021, there was an increase in ransomware attacks on health care delivery organizations, exposing the personal health information (PHI) of nearly 42 million patients, according to a study published online Dec. 29 in JAMA Health Forum.

Hannah T. Neprash, Ph.D., from the University of Minnesota in Minneapolis, and colleagues quantified the frequency and characteristics of ransomware attacks on health care delivery organizations in a cohort study using data from the Tracking Healthcare Ransomware Events and Traits database from 2016 to 2021.

The researchers found that 374 ransomware attacks on U.S. health care delivery organizations exposed the PHI of almost 42 million patients from January 2016 to December 2021. The annual number of attacks increased more than twofold from 43 to 91 from 2016 to 2021. The delivery of health care was disrupted in 44.4 percent of ransomware attacks; common disruptions included electronic system downtime, cancellations of scheduled care, and ambulance diversion (41.7, 10.2, and 4.3 percent, respectively). Ransomware attacks on health delivery organizations increasingly affected large organizations with multiple facilities from 2016 to 2021, exposed the PHI of more patients, and were increasingly associated with delays or cancellations of scheduled care.

“As policy makers craft legislation aimed at countering the threat of ransomware attacks across multiple industries, we urge them to focus on the specific needs of health care delivery organizations, for which operational disruptions may carry substantial implications for the quality and safety of patient care,” the authors write.

Abstract/Full Text

Copyright © 2022 HealthDay. All rights reserved.