Research Finds Patterns In Ransomware Attacks On Health Sector

A recent analysis published in the JAMA Health Forum has revealed that healthcare ransomware attacks have grown exponentially in the past 5 years, causing a decline in data recovery from backups. Furthermore, it found that it is now commonplace for stolen data to be made public after a successful attack.

To conduct their analysis, the researchers used data collected from the Tracking Healthcare Ransomware Events and Traits (THREAT) database. This database gathers information from a multitude of sources, including the HHS’ Office for Civil Rights breach portal, HackNotice, press releases from victims, media reports, and dark web monitoring. The analysis was conducted between 2016 and 2021 and showed an alarming increase in the number of ransomware attacks. There were 43 attacks in 2016, but that number had more than doubled to 93 by 2021. Similarly, the number of records impacted by the attacks went from 1.3 million records in 2016 to 16.5 million records in 2021. Data on the extent of PHI exposure is unavailable for 22.5% of the 374 reported attacks. Of the documented attacks, only 20.6% of healthcare organizations were able to restore data from backups, and 15.8% of the stolen data were posted online.

According to the research, ransomware attacks are most commonly seen in clinics, followed by hospitals and other delivery organization types. Of the reported cases, 54.3% were late notifications. Although it is difficult to assess the impacts on patient care, evidence suggests that 44.4% of attacks have caused disruption to care, often resulting in IT system downtime, canceled appointments, and ambulance diversion. In 8.6% of cases, the disruption lasted at least 2 weeks, therefore potentially putting patient safety and outcomes at risk.

The researchers determined that ransomware attacks against healthcare institutions have been growing in complexity and frequency. Not only do these attacks now affect multiple facilities, but they also prevent access to patient data, impede healthcare services, and even reveal patient information. As a result, the researchers have urged policymakers to prioritize the needs of healthcare organizations in order to ensure the quality and safety of patient care.