The researchers found that 374 attacks on U.S. health care delivery organizations exposed the PHI of almost 42 million patients from January 2016 to December 2021.
From 2016 to 2021, there was an increase in ransomware attacks on health care delivery organizations, exposing the personal health information (PHI) of nearly 42 million patients, according to a study published online Dec. 29 in JAMA Health Forum.
Hannah T. Neprash, Ph.D., from the University of Minnesota in Minneapolis, and colleagues quantified the frequency and characteristics of attacks on health care delivery organizations in a cohort study using data from the Tracking Healthcare Ransomware Events and Traits database from 2016 to 2021.
The researchers found that 374 attacks on U.S. health care delivery organizations exposed the PHI of almost 42 million patients from January 2016 to December 2021. The annual number of attacks increased more than twofold from 43 to 91 from 2016 to 2021.
The delivery of health care was disrupted in 44.4 percent of ransomware attacks; common disruptions included electronic system downtime, cancelations of scheduled care, and ambulance diversion (41.7, 10.2, and 4.3 percent, respectively).
Ransomware attacks on health delivery organizations increasingly affected large organizations with multiple facilities from 2016 to 2021, exposed the PHI of more patients, and were increasingly associated with delays or cancelations of scheduled care.
“As policy makers craft legislation aimed at countering the threat of ransomware attacks across multiple industries, we urge them to focus on the specific needs of health care delivery organizations, for which operational disruptions may carry substantial implications for the quality and safety of patient care,” the authors write.
Ransomware attacks on healthcare organizations can have serious consequences, as they can disrupt the delivery of essential medical services and potentially put lives at risk. These attacks involve hackers using ransomware to encrypt a victim’s data, making it inaccessible until a ransom is paid to decrypt it.
In recent years, there have been several high-profile ransomware attacks on healthcare organizations. For example, in 2020, the ransomware attack on the Universal Health Services (UHS) hospital system in the United States caused significant disruptions to the delivery of medical services at several of its hospitals.
In 2021, the ransomware attack on the Colonial Pipeline Company disrupted the supply of fuel to the East Coast of the United States, and had a knock-on effect on some healthcare organizations that were unable to obtain certain medications due to the disruption.
Originally published at Medicalxpress