Ransomware attacks on health care organizations on the rise.

From 2016 to 2021, there was an increase in ransomware attacks on health care delivery organizations, exposing the personal health information (PHI) of nearly 42 million patients, according to a study published online Dec. 29 in JAMA Health Forum.

Hannah T. Neprash, Ph.D., from the University of Minnesota in Minneapolis, and colleagues quantified the frequency and characteristics of ransomware attacks on health care delivery organizations in a cohort study using data from the Tracking Healthcare Ransomware Events and Traits database from 2016 to 2021.

The researchers found that 374 ransomware attacks on U.S. health care delivery organizations exposed the PHI of almost 42 million patients from January 2016 to December 2021. The annual number of attacks more than doubled, from 43 in 2016 to 91 in 2021. The delivery of health care was disrupted in 44.4 percent of ransomware attacks; common disruptions included electronic system downtime, cancelations of scheduled care, and ambulance diversion (41.7, 10.2, and 4.3 percent, respectively). From 2016 to 2021, ransomware attacks on health delivery organizations increasingly affected large organizations with multiple facilities, exposed the PHI of more patients, and were increasingly associated with delays or cancelations of scheduled care.

“As policy makers craft legislation aimed at countering the threat of ransomware attacks across multiple industries, we urge them to focus on the specific needs of health care delivery organizations, for which operational disruptions may carry substantial implications for the quality and safety of patient care,” the authors write.

More information: Hannah T. Neprash et al, Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021, JAMA Health Forum (2022). DOI: 10.1001/jamahealthforum.2022.4873
Journal information: JAMA Health Forum