Ransomware Attacks are Increasing Hospital Mortality Rates

image provided by pixabay

This post is also available in: עברית (Hebrew)

Though blaming the deaths of hospital patients on ransomware attacks might seem far-fetched, this claim has more basis in reality than you might think.

A study published by academics from the University of Minnesota’s medical school analyzed the aftermath of ransomware attacks on hospitals in the US and found evidence to suggest that mortality rates typically increase by around 20%.

The researchers explain that the category of patients that were most affected were patients who were already hospitalized at the time of the ransomware attack, compared to patients who were admitted after it happened. This most likely is because after the attack hospital staff usually adjusts procedures to take into account unavailable IT systems.

According to Cybernews, the paper claims that mortality rates were the highest for patients at hospitals that experienced the highest severity of ransomware attacks (where mortality rates increased 36-55%) and for patients of color (for whom mortality rates increased 62-73%).

The researchers explain that on a normal day-to-day, roughly every 3 out of 100 hospitalized patients pass away in the hospital. However, during a ransomware attack that number goes up to at least 4 out of 100. “From 2016 to 2021, we estimate that ransomware attacks killed between 42 and 67 Medicare patients,” they said, adding that the numbers would likely be higher if they looked at data from patients with other types of health insurance coverage.

Some experts call healthcare “a hacker’s playground,” due to being widely targeted by cybercriminals. Some possible reasons for this include the fact that hospitals have a huge number of electronic systems essential to providing care, and that many of the people operating these systems are distracted and can be susceptible to hackers’ infiltration techniques. Another main reason is that these cyberattacks have such a severe impact on such an essential service that is it highly likely that the hospitals and healthcare providers will hurry to pay the ransom to the criminals, meaning it is a profitable target.