Global Edition
Privacy & Security

Half of ransomware attacks have disrupted healthcare delivery, JAMA report finds

The frequency of cyberattacks on hospitals and health systems more than doubled from 2016 to 2021, say researchers, and the incidents have exposed the protected health information of nearly 42 million patients.
By Andrea Fox
January 10, 2023
11:06 AM

Photo by: Science Photo Library/Getty Images

Led by University of Minnesota Public Health researchers, the Trends in Ransomware Attacks on U.S. Hospitals, Clinics and Other Health Care Delivery Organizations study quantified the frequency and characteristics of ransomware attacks on the healthcare sector from 2016 to 2021.

WHY IT MATTERS

Ransomware groups are generally aggressive on critical infrastructure like energy, healthcare and government. And the increasing frequency and severity of ransomware attacks on hospitals and healthcare organizations can disrupt operations and patient access for weeks or even months.

The risks of being hit conflate a number of issues – loss of access to critical health data, the high costs of responding to and preventing cyberattacks and threats to patient safety – that have largely shifted focus to the defense of healthcare infrastructure.

For the study, the public health researchers looked at the date of ransomware attacks, public reporting, personal health information exposure, the status of encrypted/stolen data following the attack, the type of healthcare delivery organization affected and operational disruption during an attack.

Some of the key findings are:

  • From 2016 to 2021, the annual number of ransomware attacks more than doubled from 43 to 91.
  • Almost half, or 44.4% of the cohort, disrupted the delivery of healthcare.
  • Thirty-two attacks, or 8.6% of the cohort, led to operations disruptions of more than two weeks.
  • Approximately one in five (20.6%) of healthcare organizations reported being able to restore data from backups.

Common disruptions included electronic system downtime, 41.7%, cancellations of scheduled care, 10.2%, and ambulance diversion 4.3%. 

Data exposure following an incident is a key concern for ransomware victims as hospitals and healthcare systems are required under HIPAA to protect patient data. 

The cohort incidents exposed the PHI of more patients, say researchers.

"For 59 ransomware attacks (15.8%), there was evidence that ransomware actors had made some or all of the stolen PHI public, typically by posting it on dark web forums where stolen data are advertised for sale by including a subset of records," according to the JAMA abstract.

Researchers noted they found growing lags in reporting ransomware incidents over the study period, with one in five attacks not present in the U.S. Department of Health & Human Services Office for Civil Rights database.

As a result, "many of the statistics reported in this article are likely underestimates due to underreporting," they said. 

The absence may be due to low PHI exposure, under guidance from HHS that states HIPAA-covered entities and their business associates do not need to report incidents if they demonstrate a low probability that PHI has been exposed.

THE LARGER TREND

The university researchers said that ransomware increasingly affected large organizations with multiple facilities during the study period. 

However, cybersecurity experts have said that more recently cybercriminals know that larger organizations are spending more on cybersecurity protections and are looking at smaller organizations with smaller budgets that are more vulnerable to their exploits.

In June 2022, Sophos found that ransomware attacks on healthcare entities doubled from 2020 to 2021 in a poll of more than 5,000 IT professionals.

"Healthcare saw the highest increase in volume of cyber attacks (69%) as well as the complexity of cyber attacks (67%) compared to the cross-sector average of 57% and 59% respectively," the Sophos researchers said.

"In terms of the impact of these cyber attacks, healthcare was the second most affected sector (59%) compared to the global average of 53%."

ON THE RECORD

"This cohort study of ransomware attacks documented growth in their frequency and sophistication," the researchers said in the study report. 

"Ransomware attacks disrupt care delivery and jeopardize information integrity. Current monitoring/reporting efforts provide limited information and could be expanded to potentially yield a more complete view of how this growing form of cybercrime affects the delivery of healthcare."

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS publication.

Topics: 
Compliance & Legal, Population Health, Privacy & Security

More regional news

Patient does a virtual care consult

Castlight Health intros virtual urgent care for members

By
Mike Miliard
April 18, 2025
HIMSSCast logo

HIMSSCast: Should every healthcare organization have an AI strategy?

By
Mike Miliard
April 18, 2025
Nurse checks tablet to communicate on shift

Zoom launches agentic AI-powered mobile comms for frontline staff

By
Andrea Fox
April 18, 2025
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Nurse checks tablet to communicate on shift
Zoom launches agentic AI-powered mobile comms for frontline staff

Most Read

How UCHealth is reducing fall injuries with AI-enhanced risk modeling
Roundup: AI and cloud tackle cyber risk and improve workflows
Chinese health players begin integrating DeepSeek
DEA's draft special telehealth reg rule should be tossed, healthcare orgs say
Lack of AI governance poses threat to data security, new HIMSS research shows
Judge blocks Trump orders on halting grants over DEI

Research

White Papers

More Whitepapers

Telehealth
Telehealth
Cloud Computing

Webinars

More Webinars

Analytics
Interoperability
Artificial Intelligence

Video

Ilir Kullolli, Stanford Medicine Children's Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
HIMSS-ACCE working together to advance digital health
Vik Bajaj, Foresite Labs_Medical research Photo by Edward Jenner/pexels.com
Healthcare research is being affected by federal budget cuts
Priyanka Jain, Evvy_Hand holding sample vial Photo courtesy of Evvy
How one women's health startup tests fertility outcomes
Keisuke Nakagawa, UC San Diego Health_Las Vegas skyline Photo by halbergman/E+/Getty Images
Can technology help bring the human touch back to medicine?

More Stories

Lee Kim, HIMSS_Las Vegas skyline Photo by halbergman/E+/Getty Images
Past year's data breaches often stemmed from remediable cybersecurity gaps
Cathy Menkiena, Health Catalyst_Las Vegas skyline Photo by halbergman/E+/Getty Images
Innovative – and useful – tech is key to empowering care teams
Sameer Sethi of Hackensack Meridian Health on AI
Hackensack Meridian Chief AI Officer on the intersection of business and technology
Doctor checking and tracking information on a computer
HHS updates regulatory guides for the safe use of EHRs
Sameer Sethi, Hackensack Meridian Health_Computer neural network concept Photo by dan/Moment/Getty Images
Chief AI Officer on becoming one and working with the C-suite
Businessperson signing piece of paper
White House releases guidance on federal AI use and procurement
Dr. Ateev Mehrotra of Brown University School of Public Health on telehealth policy
Brown University policy expert talks about the future of telehealth flexibilities
Micky Tripathi, former HHS acting chief AI officer
Former National Coordinator headed to Mayo Clinic, reports say