Cyberattacks on Hospitals Are Growing Threats to Patient Safety, Experts Say
By Devin Dwyer, Sarah Herndon, and Nicole Westman
A study published in the Journal of the American Medical Association reveals an increase in the number of cyberattacks on U.S. hospitals from 43 in 2016 to 91 in 2021, doubling each year during that span. John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, said, “These are direct threats to patient safety.” Ransomware attacks suddenly render internet-based tools that are critical to patient care – including patient health records, imaging and lab results, and communication links with other departments and hospitals – inoperable. Experts say potential harm to patients now overshadows privacy concerns. A study of the October 2022 ransomware attack on the University of Vermont Medical Center, published by the U.S. Cybersecurity and Infrastructure Security Agency, found that hospitals hit a stress level during ransomware attacks that is linked to more patient deaths. Meanwhile, a study published in JAMA Network Open shows the ripple effect across an entire region when one hospital is hit by a ransomware attack. Dr. Christian Dameff, the study’s lead author and an emergency physician at the University of California, San Diego, said, “Patients don’t stop getting sick just because a hospital is hit by a ransomware attack. They have to go somewhere. So what this research shows is that those patients go to neighboring hospitals that can be overwhelmed.” In April, the U.S. Department of Health and Human Services (HHS) called cyberattacks the single largest threat to hospitals due to the “threat to life.” Of the hospital surveyed by HHS, almost all used software with “known vulnerabilities,” but just half had a plan to address the issue.
Read more on ABC News.