Hospitals have become an increasingly common target for cybercriminals in recent years, and the consequences can be costly and life-threatening for patients.
Annual ransomware attacks on hospitals have more than doubled from 2016 to 2021, according to a new report published by JAMA Network. The number of cases increased from 43 in 2016 to 91 in 2021. Of the targeted hospitals, 44% said the breach affected their ability to provide care.
John Riggi, Senior Cybersecurity and Risk Advisor for the American Hospital Association, wrote in report that “a ransomware attack on a hospital crosses the line from an economic crime to a life-threatening crime.”
“Cybercriminals are not only more organized than in the past, they are often more experienced and sophisticated,” he wrote.
One affected hospital, Johnson Memorial Health ransomware group “Hive” was targeted in Franklin, Indiana and hackers demanded $3 million in bitcoin in October 2021, NPR. informed.
After consulting with cybersecurity experts at the FBI, Johnson Memorial did not pay the ransom and instead shut down its servers after the attack.
However, the hospital has had to revert to more old-fashioned ways of delivering care, including physical security in the obstetrics ward, where newborns are usually protected from prying eyes by safety wristbands and nurses use Google Translate to communicate with patients after remote translation technology was turned off. turned off after the attack.
The hospital’s chief operating officer, Rick Koester, told NPR that it took almost six months to “resume normal operations.”
Related: Stunning range of cybercrime linked to cybersecurity workforce gap
According to Department of JusticeHive has been responsible for more than 1,500 cyber attacks since 2021 and received over $100 million in ransom. The Justice Department added that one of the affected hospitals was also forced to resort to analog patient care (similar to the Johnson Memorial) and was unable to accept new patients immediately after the attack.
For hospitals, the fear of being hacked isn’t just monetary—it puts patients’ lives at risk by disrupting the technology needed to care for patients.
“You ask many executives across the country, “What keeps you awake at night?” Of course, (they) talk about the workforce, the financial problems, and say, “The possibility of a cyberattack,” Riggi told NPR.
Related: This type of cyber attack exploits your weakness. Here’s how to avoid becoming a victim.