Healthcare ransomware attacks have doubled in the last 5 years, data restoration from backups has become less common, and it is now typical for information to be stolen and published after a successful attack, according to new research recently published in the JAMA Health Forum.
Healthcare ransomware attacks are difficult to track accurately. Ransomware isn't always mentioned in breach reports and press releases, and ransomware groups usually don't publicly disclose their attacks when they receive ransom payments, so it is hard to determine the extent to which attacks are increasing or decreasing. With more detailed reporting of cyberattacks, lawmakers would have accurate information on which to base their policy choices.
The data for the study came from the Tracking Healthcare Ransomware Events and Traits (THREAT) database, which includes data obtained from sources such as the HHS' Office for Civil Rights breach portal, press announcements from victims, media reports, dark web monitoring, and HackNotice. The researchers believe that, because of the lack of accurate reporting, the number of attacks has most likely been under-reported. A number of cases are probably reported not as ransomware attacks but as malware attacks, as there is no mention of ransom payments. These attacks are usually not included in the data. Nevertheless, the researchers think their database is the most complete record of healthcare ransomware attacks. They reason that if a case is not included in the THREAT database, it was not reported as a ransomware attack to HHS OCR, it was not discovered by HackNotice web crawler surveillance or by the monitoring of dark web forums, and it was not covered by the press in local media or health care trade magazines.
The study found 374 recorded ransomware attacks on healthcare organizations from 2016 to 2021, with those attacks affecting the personal or protected health information (PHI) of at least 41,987,751 people. Attacks roughly doubled, from 43 in 2016 to 93 in 2021. Affected records increased 11-fold, from roughly 1.3 million records in 2016 to about 16.5 million records in 2021. In over one-fifth of attacks (22.5%), no information was available on the extent of the PHI breach.
Of the 374 reported ransomware attacks, only 20.6% of healthcare organizations stated they had restored data from backup copies. In 15.8% of attacks, at least some of the stolen files were published on the web or on dark net data leak sites. It should be noted that the double-extortion ransomware pattern, in which data files are stolen before file encryption, only began in 2020.
Although ransomware attacks are frequently conducted against hospitals and large health systems, clinics experienced the most ransomware attacks, followed by hospitals, other delivery organization types, ambulatory surgical facilities, dental clinics, mental/behavioral health agencies, and post-acute care services.
The effect of these ransomware attacks on individuals is generally hard to determine. The researchers could not ascertain the extent to which ransomware disruptions affected patients needing care at the time of an attack, but they found evidence that care delivery operations were interrupted in 44.4% of attacks. The disruption carried on for about two weeks in 8.6% of attacks, most often as a result of IT system outages, canceled consultations, and ambulance redirection. This disruption to care affects patient safety and outcomes.
The researchers concluded that ransomware attacks on healthcare institutions have increased in both complexity and frequency, with attacks today more likely to affect several facilities, block access to patient records, interrupt healthcare delivery, and compromise patient information. The researchers have called on policymakers to focus their efforts on the particular needs of healthcare providers because of the effects on patient care quality and safety.