Hospitals have become an increasingly common target for cybercriminals in recent years, and the consequences can be costly and life-threatening for patients.
Annual ransomware attacks on hospitals more than doubled from 2016 to 2021, according to a new report published on the JAMA Network. The number of incidents increased from 43 in 2016 to 91 in 2021. Of the affected hospitals, 44% said their ability to provide medical care was impacted by the breach.
John Riggi, a senior cybersecurity and risk advisor at the American Hospital Association, wrote in a report that “a ransomware attack on a hospital crosses the line from an economic crime to a life-threatening crime.”
“Cybercriminals are not only more organized than in the past, they are often more skilled and sophisticated,” he wrote.
One affected hospital, Johnson Memorial Health in Franklin, Indiana, was attacked by ransomware group Hive, and the hackers claimed $3 million worth of bitcoin in October 2021, NPR reported.
After consulting with FBI cybersecurity experts, Johnson Memorial did not pay the ransom and instead disconnected its servers after the attack.
But the hospital has had to revert to more old-fashioned methods of healthcare delivery — including physically guarding the maternity department, where newborns are usually protected from unauthorized persons by security bracelets, and nurses using Google Translate to communicate with patients after remote translation technology was shut down after the attack.
The hospital’s chief operating officer, Rick Kester, told NPR that it took nearly six months to “resume normal operations.”
Related: The staggering range of cybercrime is due to the gap in the cybersecurity workforce
According to the Department of Justice, as of 2021, The Hive has been responsible for over 1,500 cyberattacks and has received more than $100 million in ransom payments. One of the affected hospitals also had to resort to analog methods of treating patients (similar to Johnson Memorial) and was unable to accept new patients immediately after the attack, the Justice Department added.
For hospitals, the fear of hacking isn’t just financial—it’s putting patient lives at risk by derailing the technology needed to provide patient care.
“You ask a lot of CEOs across the country, ‘What keeps you up at night?’ Naturally, [they’re] They talk about manpower, financial pressures, and they say, “The possibility of a cyberattack,” Riggi told NPR.
See also: This type of cyber attack takes advantage of your weakness. How to avoid being a victim.