The healthcare industry has seen ransomware attacks double from 2016 to 2021, according to a study published in the December 2022 issue of JAMA Health Forum. The study looked at 374 ransomware attacks, which exposed "the personal health information of nearly 42 million patients." This is about 12.4% of the entire population of the United States.
"Almost half of ransomware attacks disrupted the delivery of health care, with common disruptions including electronic system downtime, cancellations of scheduled care, and ambulance diversion," the abstract of the study says.
The authors go on to identify that "approximately 1 in 5 health care organizations" had backups that they could restore from, a frighteningly low number. They also state that they were able to locate protected health information from about 15.8% of the attacks being sold on the dark web.
"Clinics were the most common health care delivery organization," the study notes. The authors of the study told Fierce Healthcare that they do assume quite a bit of underreporting, which skews numbers.
While in the process of searching for breaches online, the authors found that more than half of the breaches that were officially reported, were reported past the 60-day mandated period.
This means that the amount of ransomware attacks on healthcare organizations is likely a much larger number than 374.
Healthcare organizations deal with some of the most confidential and private information of any business, making it integral that they put cybersecurity at the forefront of their operations going forward.