How frequently do healthcare organizations experience ransomware attacks, and how have the characteristics of ransomware attacks changed over time? A new study published in the JAMA Health Forum finds that the answer is as troubling as it seems.
In this study of 374 ransomware attacks, the annual number of ransomware attacks on healthcare organizations more than doubled from 2016 to 2021, exposing the personal health information of nearly 42 million patients. During the study period, ransomware attacks exposed larger quantities of personal health information and grew more likely to affect large organizations with multiple facilities.
The study results suggest that ransomware attacks on healthcare organizations are increasing in frequency and sophistication and that disruptions to care during ransomware attacks might threaten patient safety and outcomes. Anecdotal evidence also suggests that healthcare organizations face a growing threat from ransomware attacks that are designed to disrupt care delivery and may consequently threaten patient outcomes.
More specifically, ransomware attacks on healthcare organizations:
- increasingly affected large organizations with multiple facilities
- exposed the personal health information of more patients
- were less likely to be restored from data backups
- were more likely to exceed mandatory reporting timelines
- increasingly were associated with delays or cancellations of scheduled care.