The annual number of ransomware attacks targeting healthcare organizations has doubled from 2016 to 2021, exposing the health information of nearly 42 million people. A new report from the University of Minnesota School of Public Health (SPH), published in the Journal of the American Medical Association (JAMA) Health Forum, shows that the threat of ransomware to health care providers is not only increasing, but increasing. more – presenting information about personal health and involving large organizations with several hospitals.
To conduct this study, researchers created a database called Tracking Healthcare Ransomware Events and Traits (THREAT), a unique tool that for the first time allows researchers to track ransomware events across healthcare providers.
Ransomware is a type of malicious software that prevents users from accessing their electronic systems and demands a ransom to restore access. Although some well-known ransomware attacks on healthcare organizations have received media attention, there is currently no comprehensive documentation of the scale and impact of ransomware attacks on our healthcare system.
In the first comprehensive analysis of ransomware attacks on US healthcare providers, researchers wrote that between 2016 and 2021:
- 374 cases of ransomware attacks on healthcare organizations exposed the health information of nearly 42 million people.
- Ransomware attacks have doubled annually, from 43 to 91 per year.
- The number of people with health information has increased from about 1.3 million in 2016 to more than 16.5 million in 2021.
- Disruptions to patient care due to ransomware incidents occurred in 166 – or 44% – of attacks.
- Among healthcare providers, hospitals have been the most affected by ransomware threats, followed by hospitals, ambulatory care centers, mental/behavioral clinics, dental practices and post-hospital care organizations.
“As healthcare organizations increase their reliance on information technology to help their patients, they have unfortunately also increased their exposure to cyber security threats, such as ransomware attacks,” said Hannah Neprash, lead author and associate professor at SPH. “While this threat is increasing, information about the prevalence of these attacks remains largely anecdotal. This study and the development of the THREAT database will address this gap, providing the first peer-reviewed assessment of the threat that ransomware poses to health care providers and the millions of patients they serve.”
More research is needed to better understand the operational and clinical implications of ransomware attacks on healthcare providers. The researchers also point out that as policy makers draft regulations to combat the threat of ransomware across multiple industries, they should consider the needs of healthcare providers and the potential negative impact on patient care.
About the School of Public Health
The University of Minnesota School of Public Health improves the health and well-being of people and communities around the world by bringing research, learning, and practical action to today’s major public health challenges. We train some of the most influential leaders in the field, and collaborate with health departments, communities, and policy makers to advance equity for all. Learn more at sph.umn.edu.