Kidnapped Data: Healthcare Ransomware Attacks

Farisa Khan

Associate Editor

Loyola University Chicago School of Law, JD 2024

Ransomware attacks are one of the largest threats to the healthcare industry and a tough cybersecurity problem to address. From 2016 to 2021, there were almost 400 ransomware attacks on healthcare organizations in the US. It is estimated that such attacks exposed the personal healthcare data of over 40 million patients. Since these attacks cannot typically be resolved without paying the ransom, it is important to invest in preventative measures to protect healthcare data from a potential breach.

What are ransomware attacks?

A ransomware attack is a cybersecurity breach where data files are stolen and blocked. An attacker infects a device or system with a virus and then blackmails the target. Once the target pays the amount by a given time, the attacker gives the target an encryption key that would provide access to all the files again. However, the attacker has full discretion as to whether or not he releases the data.

Ransomware attacks in healthcare

In 2022 alone, ransomware attacks affected almost 300 hospitals. In October 2022, there was a ransomware attack against CommonSpirit Health, the fourth largest US healthcare system. An unspecified number of its 140 hospitals were affected, leading to delays in appointments, care, and surgery. In December, Lake Charles Memorial Health System was affected by a ransomware attack that gave hackers access to 270,000 patients’ personal data. While this hospital was able to thwart the attack due to the early detection and quick actions of its cybersecurity, other hospitals were not as lucky. A network of three hospitals in New York was forced to use paper charts for weeks following a ransomware attack.

It is important to note that these attacks are not solely impacting hospitals. At least fifteen healthcare companies representing around 61 hospitals last year experienced data breaches. These breaches have all affected data files featuring highly sensitive patient healthcare information.

Why attack health systems?

Attackers specifically target healthcare institutions because these institutions depend on data to operate. Hospitals store large amounts of medical data in their systems. Without access, they are unable to treat patients effectively. Ransomware attacks in the past have led to ambulance diversions, cancellations of care, inability to care, and even patient harm and death. Furthermore, since medical data can be sold on the black market at very high rates, hospitals would be willing to pay a fortune to get it back and avoid lawsuits.

Why are the attacks dangerous?

The largest problem with ransomware attacks is that there is no way to unblock the stolen files without paying the ransom. Once any device is infected, all other devices connected to the network can also become infected. The ransom amount can be very costly. Even if the ransom is paid, there is no guarantee that the attacker will return the files. Specifically for hospitals, the ransomware attacks can be more costly than just the amount they need to pay. Patients can file lawsuits for breach of data. The hospital’s reputation can also be severely damaged, leaving it vulnerable to a potential loss of patients.

How to protect against ransomware attacks

It is more important to prevent than to cure. Ransomware attacks cannot be resolved once they are active, but preventative measures can be taken to protect against them. The most basic preventative measure is to install anti-virus security systems on all devices used in healthcare institutions. Cybersecurity should be one of the highest areas of hospital spending. Additionally, no private devices should be connected to the same network as the hospital devices. Mobile devices, such as iPads and tablets, should be on a different network than hospital computers to protect one set of devices in case of a breach. Furthermore, all data should be backed up on a cloud server so that it can be recovered after a breach. If a healthcare institution has the ability to invest more into cybersecurity, artificial intelligence and machine learning should be used to track data and sound alarms in the event of a breach. Finally, all hospital organizations should have cyber insurance coverage so that in the case of a security breach, they are able to cover a large portion of the ransom. Dr. Hannah Neprash, the co-author of a study on ransomware attacks on health organizations, emphasized that the federal government needs to manage short-term patient safety and promote long-term investing in cybersecurity.