The Impact of Ransomware Attacks on Patient Care and Safety in Healthcare Organizations

Ransomware is malicious software that blocks access to computer systems and data, typically by encrypting them, until a ransom is paid. In healthcare, this can lock access to electronic health records (EHR), scheduling systems, diagnostic tools, and medical devices connected to a hospital’s network. The number of ransomware attacks on healthcare organizations in the U.S. has risen sharply in recent years. Since 2015, ransomware attacks on healthcare providers have gone up by 300%, according to a study by IBM.

From 2021 to 2022 alone, ransomware attacks on U.S. healthcare groups grew by 94%. These attacks exposed almost 52 million patient records and caused systems to be down for an average of 17 days for each incident. This downtime has major effects on both money and patient care. The Ponemon Institute says the average cost of a big cyberattack on healthcare groups reached about $4.99 million in 2023, which is 13% more than the year before.

How Ransomware Threatens Patient Care and Safety

One serious problem with ransomware attacks is how they affect patient care. Hospitals and clinics rely a lot on digital systems like EHRs to give quick and correct treatment. When these systems are locked or not working, doctors and nurses often have to go back to paper records. This raises the chance of mistakes like missed medicines, delayed treatments, and forgotten allergies.

Many studies, including ones by the Ponemon Institute, show that ransomware attacks cause delays and problems with important medical tests and procedures. Over half of healthcare IT workers surveyed in 2023 said ransomware attacks made them send patients to other hospitals. This can overload backup hospitals, slow emergency help, and put very sick patients at higher risk.

More seriously, the Ponemon Institute found that over 20% of healthcare groups saw an increase in patient deaths linked to ransomware problems. Delays in treatment and testing also cause more complications during medical procedures, a concern raised by 45% of those surveyed, up from 36% two years earlier. This shows ransomware is not just a matter of losing data or money; it affects patient lives directly.

The Role of Third-Party Providers in Cybersecurity Risks

A growing share of ransomware attacks reach healthcare organizations through weaknesses in third-party vendors and business partners. In 2023, 58% of the 77.3 million patients affected by data breaches were exposed through attacks on third-party providers. These attacks can disrupt the whole healthcare system because many groups rely on shared services like claims processing, billing, supply chains, and data handling.

A major example is the 2023 ransomware attack on Change Healthcare, a big claims processing vendor for UnitedHealth Group. This attack affected hospitals across the country. It showed how cybercriminals target one main provider to cause problems for many linked groups. The FBI has warned that third-party tools are especially weak and need strong security measures.

Healthcare groups are advised to improve Third-Party Risk Management (TPRM) by reviewing rules, using risk-based controls, and training staff on how to respond to incidents. Making sure business partners have proper cyber insurance can also lower the cost if a breach happens.

Financial and Operational Challenges for Healthcare Organizations

Money is a big issue when dealing with ransomware attacks. Ponemon’s 2023 report says that besides the direct cost averaging $4.99 million per attack, healthcare groups also lose money because of patient care interruptions. For example, downtime from system failures can cost hospitals up to $1.9 million a day because services are delayed, hospital stays are longer, and more staff are needed.

Supply chain breaches and business email compromise (BEC) attacks also hurt patient care. Seventy-seven percent of healthcare groups hit by supply chain attacks reported worse patient care, like sicker patients and longer hospital stays. Twenty-one percent said death rates went up. BEC attacks caused delays and problems in 69% of cases.

Many healthcare providers find it hard to build strong cybersecurity programs because of budget limits, staff shortages, and lack of expert knowledge. Hospitals often do not have enough trained cybersecurity workers because there is high demand in many fields and pay is lower in healthcare. This shortage makes groups more open to cyberattacks.

The Impact on Medical Devices and Infrastructure

Hospitals now use more internet-connected medical devices. These include diagnostic machines, infusion pumps, and monitoring systems, as well as building systems like elevators, heating and cooling, and physical security. This connected environment gives cybercriminals more ways to attack.

The 2017 WannaCry ransomware attack showed how attacks on medical devices can stop hospital work. In England, WannaCry affected 1,200 diagnostic devices and made 81 NHS hospitals cancel over 19,000 appointments. Similar attacks in the U.S. have delayed important services like blood testing and cancer treatments. A recent 2024 ransomware attack on Synnovis, an NHS pathology provider, showed this again.

Hospitals find it hard to update and fix these devices because they are complex, used all the time, and rely on many vendors. Some devices may take up to a year to get all updates, leaving them open to ransomware attacks for a long time.

Hospital Downtime and Its Effects on Patient Safety

When ransomware makes systems stop working, hospitals go into periods called downtime. During downtime, staff lose electronic access to patient data and decision tools. They must use manual methods instead. Research by the Healthcare Information and Management Systems Society (HIMSS) shows that downtime increases the chance of errors a lot.

Downtime usually lasts about 17 days after an attack. During this time, missed medicine alerts, delayed treatments, and poor communication raise risks to patient safety. Risk management teams are important for making downtime procedures, running practice drills, and guiding staff to keep things running safely.

Good downtime management needs teamwork and training among IT, clinical, and admin staff. Only 45% of healthcare groups have written plans for these situations, which shows many are not well prepared.

AI and Workflow Automation: Enhancing Cybersecurity and Operational Resilience

Artificial intelligence (AI) and workflow automation can help healthcare groups deal with ransomware threats and work interruptions. AI can’t stop all attacks, but it helps find problems early, respond faster, and recover more smoothly.

AI systems watch network traffic and user actions in real time. They look for unusual patterns that may show ransomware is trying to get in. This lets IT teams act before malware spreads or locks important systems. AI tools can also draw on current threat intelligence to recognize new ransomware variants.

Workflow automation makes work more efficient during normal times and is especially useful when systems are down. Automating routine tasks like patient messaging, scheduling, and paperwork cuts the need for manual work when systems don’t fully work. This keeps key tasks like appointment reminders, check-ins, and billing on track.

Some AI-powered front-office tools, like those from Simbo AI, can answer phones and talk with patients automatically. These tools can handle many calls without humans and keep patients connected to care during IT problems or staff shortages. These systems learn to find urgent requests and send patients to the right place, keeping care going through interruptions.

AI can also help manage risks from third-party vendors by checking their security and pointing out weak spots. This helps healthcare groups better handle cybersecurity risks in complex supply chains.

Collaborative Approaches and National Support

Experts in healthcare cybersecurity say that teamwork across sectors and joint agency responses are needed to fight ransomware well. Public and private partnerships involving groups like the FBI, Department of Homeland Security (DHS), U.S. Department of Health and Human Services (HHS), and cybersecurity organizations help share threat data and respond faster to attacks.

John Riggi, Senior Advisor for Cybersecurity and Risk at the American Hospital Association (AHA), says hospitals must treat cybersecurity as a main enterprise risk. He asks for cooperation among IT, clinical, administrative, and executive leaders for a shared defense against ransomware.

He also suggests hospitals tie their response plans to business and clinical continuity programs that can keep operations going for four weeks or more, since ransomware recovery often takes a long time.

Federal efforts like the Cybersecurity & Infrastructure Security Agency’s (CISA) “Secure by Design” program ask tech makers and software developers to build safer systems. This shifts some responsibility away from healthcare groups and users.

Preparing Healthcare Organizations for the Future

  • Invest in Strong Cybersecurity Programs: Set aside enough budget for hiring staff, training workers, and buying technology based on comparisons with peers. This helps build stronger defenses.

  • Develop and Test Incident Response and Downtime Plans: Train staff often and run practice drills to prepare for safe and effective reactions during cyberattacks.

  • Enhance Third-Party Risk Management: Check vendors carefully, require cybersecurity rules and insurance, and watch third-party systems for weak spots.

  • Implement AI and Automation Solutions: Use AI to find problems early and help respond, and automate patient communications and admin work to depend less on manual processes.

  • Foster Internal and External Collaboration: Build teamwork across departments and work with government and industry partners for real-time threat information and help.

By seeing ransomware as a major patient safety problem, not just an IT issue, healthcare groups can better get ready to protect patients, keep care running, and lower financial losses from cyberattacks.

Ransomware attacks in U.S. healthcare places cause real and growing risks to patient safety and daily operations. Knowing these risks and using AI, automation, and strong risk management can help medical groups stay safe and strong in a more digital healthcare world.

Frequently Asked Questions

What is the primary risk posed by cyberattacks to healthcare organizations?

Cyberattacks disrupt patient care and safety, posing risks to patients in hospitals and affecting the entire community’s access to urgent health services. Ransomware attacks can delay care and lead to potential loss of life.

How do third-party cyberattacks impact hospitals?

Attacks on third-party providers can be more disruptive than direct hospital attacks, affecting critical functions and services, as demonstrated by the Change Healthcare incident that impacted every hospital in the U.S.

What percentage of healthcare data breaches in 2023 were due to attacks on business associates?

Fifty-eight percent of the 77.3 million individuals affected by healthcare data breaches in 2023 were due to attacks on health care business associates, marking a significant increase from the previous year.

What strategy do cybercriminals use to maximize the impact of their attacks?

Cybercriminals employ a ‘hub and spoke’ strategy, targeting a single third-party provider to access numerous healthcare organizations, thereby amplifying the attack’s impact.

What should hospitals do to prepare for potential cyberattacks?

Hospitals should assess and enhance their business continuity plans, specifically for critical technology and services, and prepare for possible extended disruptions.

Why is it crucial for hospitals to train their staff regarding cyber threats?

Training staff ensures effective execution of incident response plans during real cyberattack scenarios, thereby minimizing the impact of potential incidents.

What are the four strategies to bolster third-party risk management?

The four strategies include reviewing the TPRM framework, implementing risk-based controls, clearly communicating policies, and intensively preparing for incident response.

How can cyber insurance play a role in third-party risk management?

Cyber insurance requirements should be specified in business associate agreements based on the vendor’s risk level, helping to mitigate financial impacts from data breaches.

What role do technology providers have in reducing cybersecurity risk?

Technology providers must create more secure products, as the responsibility for cybersecurity should shift from end-users to those developing technology.

What resources does the AHA offer to assist healthcare organizations with cybersecurity?

The AHA provides resources, partnerships with cybersecurity vendors, and guidance for hospitals and health systems to prepare, prevent, and respond to cyber threats.