Ransomware Attacks: Are Hospitals Killing Patients?

Have ransomware attacks against hospitals caused death?

Ransomware attacks on hospitals have become increasingly common, with organised criminal gangs and military units replacing individual hackers as the primary perpetrators. These attacks directly threaten hospitals and endanger patients' lives, causing a rise in mortality rates and threatening critical services. Although it is challenging to establish a direct causal link between ransomware attacks and fatalities, research estimates that from 2016 to 2021, between 42 and 67 Medicare patients died as a result of such attacks. The true number of deaths is likely higher when considering patients with other types of insurance.

| Characteristics | Values |
| --- | --- |
| Frequency of ransomware attacks on hospitals | Increasing |
| Severity of ransomware attacks on hospitals | Increasing |
| Perpetrators of ransomware attacks on hospitals | Organized criminal gangs and military units |
| Impact of ransomware attacks on hospitals | Endanger patients, disrupt critical services, delay treatments, and cause death |
| Number of deaths caused by ransomware attacks on hospitals | Between 42 and 67 Medicare patients from 2016 to 2021, with the true number likely higher when including patients with other types of insurance |
| Examples of ransomware attacks on hospitals | WannaCry ransomware attack in the UK in 2017, ransomware attack on Change Healthcare in 2024, ransomware attack on Ardent Health Services in 2023, ransomware attack on Synnovis in London |
| Mitigation strategies for ransomware attacks on hospitals | Implement ransomware response protocols such as "Code Dark" procedures, strengthen cybersecurity measures |

shunhospital

Ransomware attacks on hospitals put patients' lives at risk

Ransomware attacks on hospitals have become an increasingly common threat to public health and safety. These attacks directly threaten hospitals and endanger patients' lives. During a ransomware attack, hospitals often resort to manual processes that lack the safety checks and efficiency of electronic health records, increasing the risk of error and missed diagnoses. This can lead to treatment delays, reduced care quality, and excess deaths.

A recent study by health economists found that in-hospital mortality rates increase by 20 to 35% during a ransomware attack. Another analysis estimates that from 2016 to 2021, between 42 and 67 Medicare patients died as a result of ransomware attacks, with the true number likely being even higher when including patients with other types of health insurance. The frequency, sophistication, and severity of ransomware attacks on healthcare providers have been rising over the years, with organized criminal gangs and military units replacing individual hackers as the primary perpetrators.

The impact of ransomware attacks on hospitals can be devastating: attacks force hospitals to cancel procedures and reroute emergency patients to other facilities, and they disrupt critical services. For example, a ransomware attack on Synnovis, a pathology services provider to the NHS in London, caused problems with blood tests and transfusions, delaying cancer treatments and elective procedures across several hospitals. Similarly, a 2019 ransomware attack on Springhill Medical Center in Alabama resulted in disruptions that led to a newborn's death, as outlined in a lawsuit filed against the hospital.

To mitigate the impact of ransomware on patient care, some hospitals have started implementing ransomware response protocols. However, the current law enforcement efforts have not been sufficient to curb the rising tide of attacks on hospitals and critical infrastructure. As a result, policies and approaches to protecting against ransomware need to evolve at the hospital, national, and international levels.

The frequency, sophistication and severity of ransomware attacks on hospitals have increased

The frequency, sophistication, and severity of ransomware attacks on hospitals have increased, posing a direct threat to public health and safety. These attacks have become more common, complex, and dangerous, with organized criminal gangs and military units replacing individual hackers as the primary perpetrators. Several factors contribute to the increasing frequency, sophistication, and severity of ransomware attacks on hospitals:

Firstly, the shift from individual hackers to organized criminal enterprises has led to more sophisticated attacks. These groups reinvest their illegal profits into developing more potent malware and enhancing their computer infrastructure, making their attacks more challenging to defend against. They specifically target medical devices, networks, servers, PCs, databases, and medical records, causing significant disruptions and endangering patient lives.

Secondly, the nature of healthcare as a life-or-death matter amplifies the impact of ransomware attacks. Hospitals become vulnerable to extortion, forced to choose between paying ransoms and providing inadequate care. This difficult position can lead to reduced care quality, delayed treatments, and increased risks of errors and missed diagnoses, ultimately endangering patient lives.

Moreover, the increasing frequency of ransomware attacks on hospitals has severe consequences. During a ransomware attack, in-hospital mortality rates increase, and hospitals often need to reroute emergency patients to other facilities. For example, the 2017 WannaCry ransomware attack forced five United Kingdom hospital emergency departments to close and divert patients. These attacks also impact neighboring hospitals, causing a surge in patients and affecting survival rates for critical cases, such as cardiac arrest.

The severity of ransomware attacks on hospitals is evident in the disruption they cause to critical services. Attacks on healthcare providers can delay crucial treatments, such as cancer therapies, and disrupt essential processes like billing, patient eligibility verification, and prescription management. These delays and disruptions can have life-threatening consequences for patients, further highlighting the severity of the attacks.

While establishing a direct causal link between ransomware attacks and fatalities is challenging, research suggests a correlation between the two. For instance, an analysis estimates that from 2016 to 2021, between 42 and 67 Medicare patients died due to ransomware attacks, with the true number likely being higher when considering patients with other insurance coverage. Additionally, hospitals' responses to ransomware attacks, such as implementing manual processes, can introduce risks of errors and missed diagnoses, further endangering patient lives.

Ransomware attacks on hospitals are threat-to-life crimes

These attacks have caused service disruptions and outages, endangering patients' lives and impacting survival rates. Research shows that the risk of dying for hospitalised patients increases during a ransomware attack. In-hospital mortality rates increase by 20 to 35% during such attacks. From 2016 to 2021, it is estimated that ransomware attacks killed between 42 and 67 Medicare patients. This number does not include patients with other types of health insurance, so the true number is likely higher.

The direct causal link between ransomware attacks and fatalities is often challenging to establish. However, the indirect connection is evident. Hospitals often resort to manual processes during cyber incidents, which lack the safety checks and efficiency of electronic health records. This increases the risk of errors and missed diagnoses, leading to excess deaths.

The impact of ransomware attacks on patient care is significant. They can cause delays in treatments, disruptions in services, and reduced care quality. For example, a ransomware attack on a pathology services provider to the NHS in London caused problems with blood tests and transfusions, delaying crucial cancer treatments. In another instance, a ransomware attack on a company that processes 15 billion healthcare transactions annually led to prescription delays and issues with discharging patients from hospitals.

To protect against these attacks, hospitals have started implementing ransomware response protocols. However, law enforcement efforts have not been able to curb the rising tide of attacks. As such, policies and approaches to cybersecurity in the healthcare sector need to evolve to address this growing threat effectively.

Ransomware attacks on hospitals have caused excess deaths

Ransomware attacks on hospitals have become increasingly common, with organised criminal gangs and military units replacing individual hackers as the primary perpetrators. These attacks have led to disruptions in medical care, endangering patients' lives and causing excess deaths.

During a ransomware attack, hospitals may be forced to manually process patient information, which lacks the safety checks and efficiency of electronic health records. This increases the risk of errors and missed diagnoses, leading to potential harm to patients. In some cases, hospitals have had to cancel procedures and reroute emergency patients to other facilities.

Research has found that the risk of dying increases for patients who are admitted to a hospital during a ransomware attack. One study estimated that the in-hospital mortality rate increases by 20 to 35% during these attacks. Another analysis estimated that from 2016 to 2021, between 42 and 67 Medicare patients died as a direct result of ransomware attacks, with the true number likely being higher when including patients with other types of insurance.

The impact of ransomware attacks on hospitals extends beyond patient deaths. They also cause significant disruptions to healthcare operations, including delays in treatments, prescriptions, and discharges. These attacks have targeted not only hospital networks and servers but also specific medical devices, such as diagnostic tools, and pathology services.

To mitigate the impact of ransomware on patient care and reduce the risk of excess deaths, hospitals have begun implementing ransomware response protocols. However, the increasing sophistication and severity of these attacks call for stronger policies and approaches to protecting against ransomware at the hospital, national, and international levels.

Hospitals have implemented ransomware response protocols to mitigate the impact on patients

Ransomware attacks on hospitals are not white-collar crimes but threat-to-life crimes as they directly threaten a hospital's ability to provide patient care, which puts patient safety at risk. During the early days of the COVID-19 outbreak, phishing emails and other cyberattacks on hospitals increased as cybercriminals treated the pandemic as an opportunity to exploit, victimize, and profit. The perpetrators of these attacks are often organized criminal gangs and military units.

Ransomware attacks on hospitals can have devastating consequences, including delayed treatments, diverted emergency patients, and data exposure concerns. For example, the 2017 WannaCry ransomware attack infected 1,200 diagnostic devices, temporarily took others out of service, and forced five United Kingdom hospital emergency departments to close and divert patients. These attacks can also impact survival rates and threaten other critical services. One recent example is the ransomware attack on Synnovis, a pathology services provider to the NHS in London, which caused problems with blood tests and transfusions, delaying crucial cancer treatments and elective procedures across several hospitals.

To mitigate the impact of ransomware on patient care, some hospitals have begun implementing ransomware response protocols. For instance, Children's National Hospital has introduced "Code Dark" procedures. At the regional level, healthcare organizations should forge partnerships that allow healthcare facilities to share capacity and resources, ensuring that patient care continues even when some hospitals are affected by ransomware. This form of collective defense can also help manage patient overflow and distribute the burden across healthcare providers.

The Department of Health and Human Services (HHS) has published voluntary healthcare-specific Cybersecurity Performance Goals (CPGs) to help healthcare organizations implement high-impact cybersecurity practices, improve cyber resiliency, and protect patient health information and safety. By following these guidelines, healthcare organizations can help mitigate the impact of ransomware attacks and prevent future incidents. However, hospital efforts alone are not enough to reshape the geopolitical forces that lead to many cyberattacks on them. A coordinated federal response is necessary, involving law enforcement, legislative, military, and intelligence assets in the defense of hospitals and patients.

Frequently asked questions

Yes. Several studies have shown that ransomware attacks on hospitals have led to patient deaths. From 2016 to 2021, it is estimated that between 42 and 67 Medicare patients died as a result of ransomware attacks. The true number of deaths is likely larger when including patients with other types of health insurance coverage.

Ransomware attacks can cause deaths by disrupting hospital services and impacting survival rates. During ransomware attacks, hospitals may resort to manual processes that lack the safety checks of electronic health records, increasing the risk of error and missed diagnoses. Neighbouring hospitals may also see a surge in patients, affecting their ability to provide adequate care.

Hospitals have implemented ransomware response protocols to mitigate the impact of attacks on patient care. However, law enforcement efforts have not been able to keep up with the increasing sophistication and frequency of attacks. Policies and approaches to protecting against ransomware need to change at various levels.
