The Rise of Ransomware in Health Care

January 06, 2023

Health care organizations continue to face a significant threat from ransomware attacks that aim to disrupt the delivery of care.

A new report in JAMA Health Forum found that ransomware attacks on health care delivery organizations more than doubled from 2016 to 2021, highlighting the need to stay vigilant to bolster cybersecurity.

“As health care delivery organizations have increased their reliance on health information technology, they have also increased their exposure to new cybersecurity risks, such as ransomware attacks,” the study authors noted.

Among the key takeaways:

• By the numbers:  There were at least 374 ransomware attacks from 2016 through 2021
• Increasing concern:  During that span, the annual number of ransomware attacks increased from 43 to 91
• Facility type:  Clinics most commonly experienced ransomware attacks, followed by hospitals, other delivery organizations, and ambulatory surgical centers
• Disrupting care:  Nearly 9 percent of the ransomware attacks resulted in a disruption lasting more than two weeks, including downtime for electronic health record systems and delays or cancellations in scheduled care
• Quotable:  “Ransomware attacks disrupt care delivery and jeopardize information integrity. Current monitoring/reporting efforts provide limited information and could be expanded to potentially yield a more complete view of how this growing form of cybercrime affects the delivery of health care,” the report noted.

HAP and Pennsylvania’s hospitals continue to monitor the latest cybersecurity developments and encourage everyone to be aware of the digital threats around us. This includes following these bedrock cybersecurity principles:

• Maintaining offline, encrypted backups of data and regularly test your backups
• Conducting regular scans to identify and address vulnerabilities
• Regularly patching and updating software and operating systems
• Training employees regarding phishing and other IT attacks

Learn more about how you can bolster cybersecurity in our HAP blog.