Written by Jo Rust | Published on December 22, 2022
Table of contents:
If you’re a fan of medical dramas like The Good Doctor, New Amsterdam, or Chicago Med, you’ll be familiar with how cyber attacks on hospitals have increased dramatically over the last few years. In certain episodes, a hospital will face a ransomware attack by cybercriminals holding their networks hostage. This can have a catastrophic effect on hospitals, forcing them to not have access to information which could lead to some patients facing a life-and-death situation. It forces doctors to have to revert to using paper charts, cancel scheduled surgeries, and rely on patients to accurately relay information about allergies and medication.
In 2021 alone, 41% of ransomware attacks on healthcare systems worldwide were launched on US hospitals alone – resulting in the exposure of over 40 million patient records, affecting over 22.6 million patients and leading to a rise in mortality rates!
So why are hospitals such favored targets of hackers? The simple answer is that the level of sensitive and confidential data held by healthcare systems is worth a lot of money, and without a data escrow plan in place, continuity of care will remain at risk.
Healthcare Groups need to start investing in protecting their patients against cyber threats
French Hospitals Paralyzed By Cyber Attacks
Ransomware raids have been hitting French hospitals hard this year. At around 9pm local time on the 5th of December, the 700-bed André-Mignot hospital in the Parisian suburb of Versailles was forced to suspend operations after their online network was infiltrated by ransomware actors.
According to reports, the hospital was forced to totally reorganize itself and call in extra staff to keep an eye on monitors in the ICU as they were no longer connected to the network. Several patients from the intensive care and neonatal units had to be transferred to a different hospital. All surgeries had to be canceled.
Just three months ago another major hospital was hit by cybercriminals and forced to revert back to using paper charts after a $10 million ransom demand by the LockBit 3.0 group. The attack forced the hospital offline for weeks and the attackers followed through on their threat to post some of the patient information they had stolen.
A few months before that, the GHT Cœur Grand Est hospital group was forced to cut connectivity to two of its hospitals after receiving a $1.3 million ransom demand.
Ransomware attacks on hospitals highlight patients' vulnerability
Brooklyn Hospital Battles After Ransomware Attacks
“The majority of American hospitals are target-rich, but cyber poor”, as stated by Joshua Corman from the US Cybersecurity and Infrastructure Security Agency. What a vivid, yet terrifying description.
A network of three hospitals belonging to the One Brooklyn Health group in New York was forced to return to methods last used in the 1990s just a few weeks ago following a cyberattack on its networks. One hospital reported having to outsource its diagnostic imaging to a third party as imaging equipment was forced offline.
These hospitals serve patients in some of the poorest neighborhoods in New York. Some of the hospitals’ systems have been down for weeks, leading to delays in some levels of care. Though the group reported that they have remained open to patients and continue to provide care.
In the last few months of 2022, about a dozen hospitals have been affected, leading to the disruption of patient care. In some cases, it has been reported that patient files have had to be carried between departments by way of many elevator rides.
The FBI has declined to comment on the situation as it is reportedly still an ongoing case.
Lives are at stake.