New Rule May Prohibit Healthcare Facilities From Paying Ransom During Cyberattacks

When hacked, IT systems can be taken offline until a ransom is paid. 

By Mackenna Moralez, Associate Editor
May 18, 2023

Cyberattacks are becoming all too common. For just the healthcare industry, the number of attacks on hospitals has doubled each year between 2016 and 2021 from 43 to 91, according to research conducted by the Journal of the American Medical Association. 

The high value of data that cyber criminals get from hospitals and other healthcare facilities allow for better financial gain. They can either sell stolen sensitive medical information on the dark web or extort a ransom from the attacked companies. According to the Software Advice survey, 11 percent of large medical practices permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. Meanwhile, a report Medigate and CrowdStrike, only 69 percent of respondents who paid a ransom said that its data was fully restored. 

While there is currently no law that prohibits companies from paying ransoms, the Biden Administration is now considering a rule that would forbid companies from doing so.  

Hospitals and other healthcare facilities are often put in a tough place when it comes to a cyberattack: they could either risk patients’ data being stolen and put lives on the line, or they could pay the ransom fee, while still risking patients’ lives.  

When hacked, IT systems can be taken offline until a ransom is paid. As more hospitals and other healthcare facilities move toward digital operations, this could potentially delay patient care. A single cyberattack on one hospital could have a detrimental effect on other healthcare facilities within the region. For example, a ransomware attack at the University of Vermont Medical Center disrupted its system for 28 days, resulting in over $50 million worth of damage, ABC News reports. During this time, appoints were rescheduled or even canceled. Some patients were prompted to go to other facilities, prompting longer wait times and some patients left unseen. 

If passed, the rule prohibiting ransom payouts could be flexible for organizations that provide emergency care. Hospitals and other healthcare facilities could seek government approval to pay the ransom in order to gain access to their systems, according to Politico.  

Mackenna Moralez is the associate editor for the facilities market.  

See the latest posts on our homepage Share

Topic Area: Information Technology , Safety , Security

Recent Posts
Recent Posts

Can Adding Moisturizer to Hand Soaps Help Fight Skin Irritation from Frequent Handwashing?

Soap manufacturers join to discuss what kind of moisturizers can be included in hand soaps.


Albany ENT & Allergy Services Targeted by Two Ransomware Groups

The protected health information of over 220,000 individuals was accessed.


Novant Health Breaks Ground on Scotts Hill Medical Center Project

The new facility aims to be a one-stop healthcare destination.


Heat Pump Installation Reduces Costs, Improves Efficiencies

University Health Network’s Bickle Center finds success with heat recovery alternative.


Man Dies After Falling Out of Hospital Window

A man fell out of a hospital window after threatening hospital staff and a police officer.



News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Like