New Rule May Prohibit Healthcare Facilities From Paying Ransom During Cyberattacks

When hacked, IT systems can be taken offline until a ransom is paid. 

By Mackenna Moralez, Associate Editor


Cyberattacks are becoming all too common. For just the healthcare industry, the number of attacks on hospitals has doubled each year between 2016 and 2021 from 43 to 91, according to research conducted by the Journal of the American Medical Association. 

The high value of data that cyber criminals get from hospitals and other healthcare facilities allow for better financial gain. They can either sell stolen sensitive medical information on the dark web or extort a ransom from the attacked companies. According to the Software Advice survey, 11 percent of large medical practices permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. Meanwhile, a report Medigate and CrowdStrike, only 69 percent of respondents who paid a ransom said that its data was fully restored. 

While there is currently no law that prohibits companies from paying ransoms, the Biden Administration is now considering a rule that would forbid companies from doing so.  

Hospitals and other healthcare facilities are often put in a tough place when it comes to a cyberattack: they could either risk patients’ data being stolen and put lives on the line, or they could pay the ransom fee, while still risking patients’ lives.  

When hacked, IT systems can be taken offline until a ransom is paid. As more hospitals and other healthcare facilities move toward digital operations, this could potentially delay patient care. A single cyberattack on one hospital could have a detrimental effect on other healthcare facilities within the region. For example, a ransomware attack at the University of Vermont Medical Center disrupted its system for 28 days, resulting in over $50 million worth of damage, ABC News reports. During this time, appoints were rescheduled or even canceled. Some patients were prompted to go to other facilities, prompting longer wait times and some patients left unseen. 

If passed, the rule prohibiting ransom payouts could be flexible for organizations that provide emergency care. Hospitals and other healthcare facilities could seek government approval to pay the ransom in order to gain access to their systems, according to Politico.  

Mackenna Moralez is the associate editor for the facilities market.  



May 18, 2023


Topic Area: Information Technology , Safety , Security

Recent Posts

Building Envelope Design: Beyond Energy Efficiency

An integrated approach to envelope design can create more comfortable and energy-efficient hospitals.

Outpatient Surge Reshapes Long-Term Strategy for Medical Outpatient Buildings

Demographic tailwinds, policy uncertainty and shifting care models are pushing health systems to rethink how and where they invest in outpatient facilities.

Mercy Medical Center to Be Integrated into Baystate Health

Until the transition is complete and receives all regulatory approvals, Mercy Medical Center and Baystate Health will continue to operate independently.

Managing IAQ in Healthcare Facilities During Wildfires

Wildfires are becoming more prevalent across the country. Facilities must be prepared to handle their effects on air quality. 

Building Hospital Resilience in an Era of Extreme Weather

Expert Jennifer Mahan discusses the vulnerabilities healthcare facilities face during disasters and the infrastructure strategies that keep operations running.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.