Regional chaos caused by ransomware attacks on hospitals: Study calls for coordinated response

In a recent study published in JAMA Network Open, researchers study an institution's emergency department (ED) patient count and stroke treatment parameters during a month-long attack by ransomware on a geographically adjacent but separate healthcare delivery organization (HDO).

Study: Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US. Image Credit: Thapana_Studio / Shutterstock.com

Background

For organizational workflows and patient care, HDOs increasingly rely on web-based computer systems and medical equipment. Protected health-related and financial data make HDOs appealing targets for cybersecurity breaches. In fact, cyberattacks against HDOs are becoming more sophisticated and frequent, despite the increase in awareness and focused organizational cybersecurity efforts.

Ransomware, a subset of harmful software known as malware, is being used in an increasing number of cyberattacks on HDOs. Ransomware programs aim to infect a network to encrypt data and functionality unless a financial fee is paid.

Although ransomware intrusions have been connected to severe operational interruptions, evidence of regional associations between cyberattacks and surrounding hospitals is scarce.

About the study

In the present retrospective cohort study, during the period of a ransomware infection at four acute care HDOs, researchers investigate the accompanying regional healthcare interruptions impacting operational and patient volume data at an adjacent and uninfected HDO. The attack infected over 1,300 acute inpatient beds and 19 outpatient care facilities, compromising 150,000 patient records.

The study compared pediatric and adult patient volume, regional emergency medical services (EMS) diversion data, and ED stroke-related healthcare metrics for two United States urban academia-type EDs in the 28 days before the ransomware cyberattack on  1st May 2021, during the cyberattack period and recovery stage between 1st May 2021, and 28th May 2021, and 28 days following the cyberattack and system recovery between 29th May 2021, and 25th June 2021. Combined, the two EDs had a mean yearly census of over 70,000 healthcare visits and represented 11% of acute inpatient care discharges in San Diego.

The HDO infected with the ransomware constituted 25% of inpatient care discharges in the region. The team evaluated the association between the disruptions incurred by the infected HDOs and operational disruptions at other hospitals in the same regional healthcare system. The study's exposure was a one-month-long ransomware infection at four adjacent hospitals.

The primary study outcomes were ED encounters, regional EMS diversion, stroke care metrics, and temporal throughput. Data on demographic variables, including race, ethnicity, sex, and age, as well as recurrence, census, stroke, and throughput data, were obtained from the electronic medical records, whereas diversion data were provided by San Diego County EMS.

The team excluded individuals who left before triage or were immediately referred to another health department for burns, labor, and delivery, or trauma prior to emergency physician assessments. In addition, patients placed in ED observation were excluded unless they subsequently received hospital care services.

Results

A total of 19,857 ED encounters were evaluated in the study. In the uninfected ED, there were 6,114 patients with a mean age of 50 years. About 48% of these patients were female, 27% Hispanic, 11% non-Hispanic Blacks, and 44% non-Hispanic Whites during the pre-attack period.

During the attack and recovery periods, there were 7,039 patients with a mean age of 50 years. About 48% of these patients were female, 26% Hispanic, 11% non-Hispanic Black, and 45% non-Hispanic White. In the post-attack period, there were 6,704 patients with a mean age of 49 years. About 50% of these patients were female, 26% Hispanic, 11% non-Hispanic Black, and 45% non-Hispanic White.

In comparison to the pre-attack period, during the cyberattack period, significant elevations in the mean values for regular ED encounter volumes (218 versus 251), EMS arrivals (1,741 versus 2,354), admissions (1,614 versus 1,722), individuals who left without being examined (158 versus 360), and those who left with healthcare advice (107 versus 161) were observed.

In addition, there were significantly related elevations during the cyberattack period as compared to the pre-attack period. These increases were identified in the median values for time spent in waiting rooms (21 minutes versus 31 minutes) and the total length of stay (LOS) in EDs for admitted individuals (614 minutes versus 822 minutes).

Additionally, there was a statistically significant rise in stroke code activations during the attack period compared to the pre-attack period at 59 and 102, respectively, and 22 and 47 confirmed strokes, respectively.

In the post-attack period, only EMS arrivals, individuals leaving against medical advice, ED stroke code activations, and confirmed strokes returned to pre-attack rates. In the greater San Diego County area, a 74% increase in median total daily ED diversion time was noted as compared to the pre-attack and attack periods of 27 and 47 hours, respectively.

Conclusions

Ransomware-infected hospitals located near HDOs may experience a rise in patient ED encounter volumes and resource limitations, which can compromise time-sensitive care for illnesses such as acute stroke. Thus, coordinated regional cybersecurity planning, similar to what has been done for natural disasters, that involves a multidisciplinary team of clinicians and technologists.

As compared to the pre-attack period, during the cyberattack, there were 15%, 35%, 6.7%, 128%, and 50% increases in mean daily ED volumes, ambulance arrivals, admissions, ED visits where patients leaving without examination, and ED visits where patients left against medical advice, respectively.

Likewise, there were 48%, 34%, and 6% increases in the median values for time spent in waiting rooms, total LOS for admitted patients, and total LOS for discharged patients, respectively, at two normally functioning healthcare facilities adjacent to four hospitals under a ransomware attack during the attack period as compared to the pre-attack period.

Journal reference:
  • Dameff, C., Tully, J., Chan, T. C., et al. (2023). Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US. JAMA Netw Open 6(5):e2312270. doi:10.1001/jamanetworkopen.2023.12270
Pooja Toshniwal Paharia

Written by

Pooja Toshniwal Paharia

Pooja Toshniwal Paharia is an oral and maxillofacial physician and radiologist based in Pune, India. Her academic background is in Oral Medicine and Radiology. She has extensive experience in research and evidence-based clinical-radiological diagnosis and management of oral lesions and conditions and associated maxillofacial disorders.

Citations

Please use one of the following formats to cite this article in your essay, paper or report:

  • APA

    Toshniwal Paharia, Pooja Toshniwal Paharia. (2023, May 09). Regional chaos caused by ransomware attacks on hospitals: Study calls for coordinated response. News-Medical. Retrieved on December 26, 2024 from https://www.news-medical.net/news/20230509/Regional-chaos-caused-by-ransomware-attacks-on-hospitals-Study-calls-for-coordinated-response.aspx.

  • MLA

    Toshniwal Paharia, Pooja Toshniwal Paharia. "Regional chaos caused by ransomware attacks on hospitals: Study calls for coordinated response". News-Medical. 26 December 2024. <https://www.news-medical.net/news/20230509/Regional-chaos-caused-by-ransomware-attacks-on-hospitals-Study-calls-for-coordinated-response.aspx>.

  • Chicago

    Toshniwal Paharia, Pooja Toshniwal Paharia. "Regional chaos caused by ransomware attacks on hospitals: Study calls for coordinated response". News-Medical. https://www.news-medical.net/news/20230509/Regional-chaos-caused-by-ransomware-attacks-on-hospitals-Study-calls-for-coordinated-response.aspx. (accessed December 26, 2024).

  • Harvard

    Toshniwal Paharia, Pooja Toshniwal Paharia. 2023. Regional chaos caused by ransomware attacks on hospitals: Study calls for coordinated response. News-Medical, viewed 26 December 2024, https://www.news-medical.net/news/20230509/Regional-chaos-caused-by-ransomware-attacks-on-hospitals-Study-calls-for-coordinated-response.aspx.

Comments

The opinions expressed here are the views of the writer and do not necessarily reflect the views and opinions of News Medical.
Post a new comment
Post

While we only use edited and approved content for Azthena answers, it may on occasions provide incorrect responses. Please confirm any data provided with the related suppliers or authors. We do not provide medical advice, if you search for medical information you must always consult a medical professional before acting on any information provided.

Your questions, but not your email details will be shared with OpenAI and retained for 30 days in accordance with their privacy principles.

Please do not ask questions that use sensitive or confidential information.

Read the full Terms & Conditions.

You might also like...
More plant protein, less animal protein tied to lower heart disease risk, not stroke