Healthcare Ransomware Attacks Impact Emergency Patient Outcomes

Ransomware attacks have increased by 300% since 2015, and the consequences go beyond data being held hostage or leaked on the dark web; people’s lives are at risk. The latest Microsoft Threat Intelligence healthcare ransomware report reveals that in the second quarter of 2024, healthcare was one of the top 10 industries most affected by ransomware.

This year, 389 U.S. healthcare institutions were hit by ransomware, causing network shutdowns, offline systems, delays in critical medical procedures, and rescheduled appointments.

Ransomware Attacks in Healthcare Lead to Costly Losses

The attacks are costly, with healthcare organizations losing up to $900,000 daily on downtime alone. However, the more significant loss is its impact on patient care and outcomes.

Consider the findings from a recent study showing how a ransomware attack against four hospitals (two attacked and two unaffected) led to increased emergency department patient volume, longer wait times, and additional strain on resources, particularly in time-sensitive care like stroke treatment, in two unaffected neighboring hospitals.

• Cardiac arrest cases increased by 81% as nearby hospitals had to handle more critical cases.
• The survival rate fell from 40% pre-attack to 4.5% for out-of-hospital cardiac arrests that had favorable neurological outcomes.
• Stroke code activations at the nearby hospitals nearly doubled, while confirmed strokes rose by 113.6%.
• Ambulance arrivals increased by 35.2% at unaffected hospitals, suggesting a diversion of ambulance traffic due to the ransomware-induced disruption at the affected hospitals.
• Patient volume increased by 15% at the unaffected hospitals during the attack phase compared with the pre-attack phase.

Additionally, during the attacks, the unaffected hospitals had notable increases in patients leaving without being seen, waiting room times, and total length of stay for admitted patients.

Why Healthcare is a Target for Ransomware

The report lists several factors that make healthcare a prime target

1. Willingness to Pay Ransoms: Healthcare organizations often pay ransoms to avoid disrupting patient care. In 2024, 53% of healthcare organizations admitted to paying a ransom, with the average payment reaching $4.4 million. Hospitals, driven by the need to restore operations quickly, are seen as lucrative targets by attackers.
2. Limited Security Budgets: Tight budgets and the need to prioritize patient care often result in underfunded cybersecurity measures. Many healthcare providers lack the resources to adequately protect their systems, making them vulnerable to attack.
3. Outdated Technology: Hospitals often rely on legacy systems that are difficult to secure. This, coupled with the complexity of hospital mergers, creates a patchwork of vulnerable systems that attackers can easily exploit.
4. Expanding Attack Surface: The growing use of connected medical devices, such as CT scanners and infusion pumps, has broadened the attack surface. With 70% of hospital network endpoints being medical devices, many lack sufficient cybersecurity protections, giving attackers more entry points.

Safeguarding Patients from Future Attacks is Critical

Ransomware is a growing crisis for healthcare, especially emergency care. Remember the Ascension ransomware attack in May 2024, when an employee mistakenly downloaded a malicious file? Within days, 140 hospitals and thousands of patients were impacted.

To protect patients and prevent future attacks, healthcare organizations must invest in more robust cybersecurity measures, take proactive steps to secure their networks, and conduct cybersecurity training with employees.