New Rule May Prohibit Healthcare Facilities From Paying Ransom During Cyberattacks

When hacked, IT systems can be taken offline until a ransom is paid. 

By Mackenna Moralez, Associate Editor


Cyberattacks are becoming all too common. For just the healthcare industry, the number of attacks on hospitals has doubled each year between 2016 and 2021 from 43 to 91, according to research conducted by the Journal of the American Medical Association. 

The high value of data that cyber criminals get from hospitals and other healthcare facilities allow for better financial gain. They can either sell stolen sensitive medical information on the dark web or extort a ransom from the attacked companies. According to the Software Advice survey, 11 percent of large medical practices permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. Meanwhile, a report Medigate and CrowdStrike, only 69 percent of respondents who paid a ransom said that its data was fully restored. 

While there is currently no law that prohibits companies from paying ransoms, the Biden Administration is now considering a rule that would forbid companies from doing so.  

Hospitals and other healthcare facilities are often put in a tough place when it comes to a cyberattack: they could either risk patients’ data being stolen and put lives on the line, or they could pay the ransom fee, while still risking patients’ lives.  

When hacked, IT systems can be taken offline until a ransom is paid. As more hospitals and other healthcare facilities move toward digital operations, this could potentially delay patient care. A single cyberattack on one hospital could have a detrimental effect on other healthcare facilities within the region. For example, a ransomware attack at the University of Vermont Medical Center disrupted its system for 28 days, resulting in over $50 million worth of damage, ABC News reports. During this time, appoints were rescheduled or even canceled. Some patients were prompted to go to other facilities, prompting longer wait times and some patients left unseen. 

If passed, the rule prohibiting ransom payouts could be flexible for organizations that provide emergency care. Hospitals and other healthcare facilities could seek government approval to pay the ransom in order to gain access to their systems, according to Politico.  

Mackenna Moralez is the associate editor for the facilities market.  



May 18, 2023


Topic Area: Information Technology , Safety , Security

Recent Posts

Contaminants Under Foot: A Closer Look at Patient Room Floors

So-called dust bunnies on hospital room floors contain dust particles that turn out to be the major source of the bacteria humans breathe.

Power Outages Largely Driven by Extreme Weather Events

Almost half of power outages in the United States were caused by power outages.

Nemours Children's Health Opens New Moseley Foundation Institute Hospital

Code Compliance Isn't Enough for Healthcare Resilience

Intensifying climate risks are pushing hospitals to think beyond code requirements and toward long-term resilience.

Ribbon Cutting Marks First Phase Completion for New Montefiore Einstein Facility

The second phase is expected to be completed in the second half of 2027.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.