Hospitals that are under cyberattack have a specific type of challenges. This is confirmed by recent research published in the Journal of the American Medical Association. According to the study, cyberattacks on one healthcare facility might have an indirect influence on surrounding hospitals.
A flood of patients arrived in the University of California San Diego Health Centre’s emergency room in the first few days of May 2021.
The rise was not brought on by a major failure or a brand-new coronavirus type. It was the result of a ransomware attack, a costly but common cybercrime in which hackers steal the files of their victims and demand high ransoms in exchange for their release.
According to Dr. Christopher Longhurst, chief medical officer and chief digital officer at UC San Diego:
We were bringing in backup staff, our wait times had gone haywire, the whole system was overloaded. We felt it.
The actual objective was not UC San Diego. Their systems were unaffected. The real breach occurred at Scripps Health, which is directly across down the road. The attackers were successful in taking over the hospital’s computerised medical records system and complete computer network, stealing personal data from millions of patients.
A significant increase in patients visiting the emergency department following the breach was observed by UC San Diego researchers. More than 600 more patients were in queue than there were before the incident, and more than twice as many people left without seeing a doctor. The number of verified strokes and emergency stroke code responses within the same time were both more than doubled.
Scripps took many weeks to recover operating, and they are still dealing with the fallout, having paid $3.5 million in a court settlement earlier this year to compensate patients whose data was exposed.
Hospital Cyberattacks are a Growing Regional Disaster
There is a lack of specific evidence on the immediate consequences of a hospital cyberattack or even a regional healthcare compromise. The majority of evidence regarding accidents, such as deaths, is unreliable and appears in legal actions. This includes a case from 2019 in Alabama, where a family sued a hospital after their child died because of a ransomware attack.
Lawmakers have proposed policies and laws throughout the last year. These aim to identify and minimise the effects of cyberattacks on the healthcare sector.
The loss of data is caused by several things, including liability issues, privacy laws, reputational issues and technical obstacles. Following the exposed attack on Scripps, CEO Chris Van Gorder discussed the lessons learned in an opinion post for the San Diego Tribune. However, Scripps still has to deal with data sharing limitations, and organisations hit by ransomware attacks are still nervous to provide information.
It goes further simply connecting accidental deaths to ransomware attackers. It helps to clarify how patients are affected by poor outcomes and limited resources through individual experiences and extra taking measurements.
In September 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a paper. It was one of the few investigations to figure out how a cyberattack might impact the healthcare system. During the coronavirus pandemic, the research primarily focused on highlighting the challenges facing the healthcare system.
According to research, the number of hospital attacks decreased somewhat in 2022 but increased in 2023. Hackers used to pay ransomware gangs for attack tactics and software in the growing ransomware scene. Ransomware gangs have become more professional over time and gained control over their associated groups. However, many of these organisations’ hacking tools have since been stolen and are now widely available online.
The healthcare sector is particularly vulnerable to ransomware attacks due to the storage of sensitive data and the responsibility for patient safety and well-being.
Successful ransomware attacks are most-often preceded by phishing emails. Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.