New Rule May Prohibit Healthcare Facilities From Paying Ransom During Cyberattacks

When hacked, IT systems can be taken offline until a ransom is paid. 

By Mackenna Moralez, Associate Editor


Cyberattacks are becoming all too common. For just the healthcare industry, the number of attacks on hospitals has doubled each year between 2016 and 2021 from 43 to 91, according to research conducted by the Journal of the American Medical Association. 

The high value of data that cyber criminals get from hospitals and other healthcare facilities allow for better financial gain. They can either sell stolen sensitive medical information on the dark web or extort a ransom from the attacked companies. According to the Software Advice survey, 11 percent of large medical practices permanently lost their data after either making no attempt to pay a ransom or paying but still not recovering their stolen data. Meanwhile, a report Medigate and CrowdStrike, only 69 percent of respondents who paid a ransom said that its data was fully restored. 

While there is currently no law that prohibits companies from paying ransoms, the Biden Administration is now considering a rule that would forbid companies from doing so.  

Hospitals and other healthcare facilities are often put in a tough place when it comes to a cyberattack: they could either risk patients’ data being stolen and put lives on the line, or they could pay the ransom fee, while still risking patients’ lives.  

When hacked, IT systems can be taken offline until a ransom is paid. As more hospitals and other healthcare facilities move toward digital operations, this could potentially delay patient care. A single cyberattack on one hospital could have a detrimental effect on other healthcare facilities within the region. For example, a ransomware attack at the University of Vermont Medical Center disrupted its system for 28 days, resulting in over $50 million worth of damage, ABC News reports. During this time, appoints were rescheduled or even canceled. Some patients were prompted to go to other facilities, prompting longer wait times and some patients left unseen. 

If passed, the rule prohibiting ransom payouts could be flexible for organizations that provide emergency care. Hospitals and other healthcare facilities could seek government approval to pay the ransom in order to gain access to their systems, according to Politico.  

Mackenna Moralez is the associate editor for the facilities market.  



May 18, 2023


Topic Area: Information Technology , Safety , Security

Recent Posts

A 'Superbug' Is on the Rise in Hospitals

CDC data on C. auris in New York, Illinois, California, Florida and Nevada found more than 1,000 reported cases each in 2023.

The Next Generation of Security Tech in Healthcare Facilities

Manufacturers discuss how AI-powered CCTV and touchless weapon detection are redefining how hospitals protect patients and staff.

Encompass Health Rehabilitation Hospital of St. Petersburg Opens

This marks the opening of Encompass’ twenty-fifth location in Florida.

Why More Facilities are Adding Gender Neutral Restrooms

Gender neutral restrooms help avoid controversy in public facilities.

Massachusetts Hospital Cyberattack Reflects Growing Vulnerability in Healthcare Systems

As outages disrupt patient care and emergency services, facility leaders are reminded that cybersecurity is a shared responsibility.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.