New Rule May Prohibit Healthcare Facilities From Paying Ransom During Cyberattacks

When hacked, IT systems can be taken offline until a ransom is paid. 

By Mackenna Moralez, Associate Editor


Cyberattacks are becoming all too common. For just the healthcare industry, the number of attacks on hospitals has doubled each year between 2016 and 2021 from 43 to 91, according to research conducted by the Journal of the American Medical Association. 

The high value of data that cyber criminals get from hospitals and other healthcare facilities allow for better financial gain. They can either sell stolen sensitive medical information on the dark web or extort a ransom from the attacked companies. According to the Software Advice survey, 11 percent of large medical practices permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. Meanwhile, a report Medigate and CrowdStrike, only 69 percent of respondents who paid a ransom said that its data was fully restored. 

While there is currently no law that prohibits companies from paying ransoms, the Biden Administration is now considering a rule that would forbid companies from doing so.  

Hospitals and other healthcare facilities are often put in a tough place when it comes to a cyberattack: they could either risk patients’ data being stolen and put lives on the line, or they could pay the ransom fee, while still risking patients’ lives.  

When hacked, IT systems can be taken offline until a ransom is paid. As more hospitals and other healthcare facilities move toward digital operations, this could potentially delay patient care. A single cyberattack on one hospital could have a detrimental effect on other healthcare facilities within the region. For example, a ransomware attack at the University of Vermont Medical Center disrupted its system for 28 days, resulting in over $50 million worth of damage, ABC News reports. During this time, appoints were rescheduled or even canceled. Some patients were prompted to go to other facilities, prompting longer wait times and some patients left unseen. 

If passed, the rule prohibiting ransom payouts could be flexible for organizations that provide emergency care. Hospitals and other healthcare facilities could seek government approval to pay the ransom in order to gain access to their systems, according to Politico.  

Mackenna Moralez is the associate editor for the facilities market.  



May 18, 2023


Topic Area: Information Technology , Safety , Security

Recent Posts

What 'Light' Daily Cleaning of Patient Rooms Misses

Most environmental services workers still clean as if they were wiping dust off a countertop, not disrupting a living, structured community.

Sprinkler Compliance: Navigating Code Mandates, Renovation Triggers and Patient Safety

As CMS deadlines approach and renovation projects accelerate, healthcare facility managers must understand how NFPA 101, state fire codes and sprinkler design strategies intersect.

MUSC Board of Trustees Approves $1.1B South Carolina Cancer Hospital

Research and education are intentionally embedded in the hospital’s design, with dedicated spaces for scientific collaboration, clinical investigation and training.

Study Outlines Hand Hygiene Guidelines for EVS Staff

Researchers find that current guidelines for hand hygiene don’t include EVS workers and suggest indicators to fill that gap.

McCarthy Completes $65M Sharp Rees-Stealy Kearny Mesa MOB Modernization

The completed tenant improvement includes approximately 100,000 square feet of improved space across two buildings and represents an investment of $65 million.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.