Ransomware attacks in the healthcare industry have been on the rise in recent years. These attacks involve malicious software that encrypts an organization’s data and systems, rendering them unusable until a ransom is paid. Healthcare organizations are an attractive target for cybercriminals because patient care relies heavily on access to computer systems and medical records. A ransomware attack can cause massive disruption to hospital operations and patient care.
Recent Attacks
One of the most devastating recent ransomware attacks on a healthcare system was the attack on Universal Health Services (UHS) in September 2020. UHS operates over 400 hospitals and care facilities in the United States and the United Kingdom. On September 27th, 2020, UHS facilities across the US began experiencing IT outages due to what was later confirmed to be a ransomware attack. With their computer systems and medical records inaccessible, facilities had to revert to using paper records, causing major slowdowns. The attack forced certain UHS hospitals to turn away ambulances and redirect patients to other hospitals while they worked to restore their systems.
While UHS has not disclosed many details about the attack, it was reported to be from the Ryuk ransomware. Ryuk is an extremely lucrative ransomware strain known to target large corporations and public institutions. The operators behind Ryuk reportedly earned over $150 million in cryptocurrency ransom payments in 2020 alone. UHS is suspected to have paid a multi-million dollar ransom to regain access to its systems, although the exact amount remains undisclosed.
Another major ransomware attack hit Ireland’s national healthcare system, the Health Service Executive (HSE), in May 2021. The attackers used a Conti ransomware variant to target and encrypt HSE systems across the country, causing nationwide disruption to hospitals and patient care services. As Ireland’s public healthcare system, the HSE provides healthcare services to over 4 million Irish citizens. The attack forced hospitals to cancel appointments, divert ambulances, and delay surgeries and diagnostics while IT systems were inaccessible.
The major outages lasted nearly a week before the HSE was able to start restoring IT systems and patient services. While no ransom was paid, the attack is estimated to have cost the HSE nearly $100 million due to disrupted services, restoration efforts, and lost revenue. Patient safety was also put at risk with doctors unable to access patient records, imaging results, and scheduling systems.
Impact on Patients and Hospital Operations
Ransomware can severely impact hospital operations and patient care when systems are locked down. Doctors may be unable to view medical records, imaging scans, lab results, or treatment histories during an attack. This slows down care and can even lead to patient harm if accurate data is not available when needed. Without access to scheduling and registration systems, appointments must be canceled and new patient intakes suspended.
Some of the major impacts include:
- Disrupted access to patient medical records, lab results, and imaging studies
- Inability to schedule appointments, procedures, or surgeries
- Delayed emergency care and ambulances being diverted
- Canceled surgeries or treatments that rely on inaccessible medical devices
- Billing and insurance verification issues
Hospitals may be forced to turn away all but the most critical patients until systems can be restored. Communication is hindered with email and internal messaging down. Staff must revert to paper-based documentation which greatly slows workflows. The need to suddenly cancel and reschedule thousands of patient appointments creates massive backlogs.
Restoring Systems
It can take healthcare IT teams weeks or more to fully restore systems after a major ransomware attack. First, malware and backdoors used by the attackers must be identified and removed to prevent reinfection. In most cases, the quickest way to restore access is by rebuilding infected servers and computers from scratch.
Medical devices such as MRI machines, CT scanners, and other specialized healthcare equipment also have to be checked for malware and restored. These expensive devices are difficult to patch and often run outdated operating systems, making them vulnerable to cybercriminals. The FDA has issued guidance urging healthcare systems to pay more attention to medical device security.
Once core clinical systems are back online, all the disrupted services like appointments, surgeries, labs, referrals, and medications have to be rescheduled. Billing and insurance claims processing is backed up, resulting in major revenue losses. It can take months of concerted effort across the entire healthcare system to catch back up.
Preparing redundant backup systems in advance allows for faster IT recovery after an attack. However, restoring from backups can still be challenging if the malware has infected the backup files or remains persistent in the network. Preventing ransomware should be the ultimate goal rather than relying on recovery.
Costs of Ransomware Attacks
Beyond the ransom payment itself, ransomware attacks inflict severe financial costs on healthcare providers including:
- Remediation expenses – Extensive IT and forensic expenses are required to investigate the attack’s scope, restore systems from backups, remove malware across all devices, and harden security.
- Lost revenue – Patient appointments need to be canceled and new intakes suspended. Facilities may operate at limited capacity during restoration.
- Reputational damage – Patients lose trust after an attack, and the organization’s reputation can take years to rebuild. This leads to loss of future revenue.
- Legal liabilities – Lawsuits from affected patients and data breaches result in fines, legal fees, and settlement costs.
- Increased insurance premiums – Cyberattack claims drive up premiums for cyber liability and business interruption policies.
Most ransomware attacks on healthcare organizations result in total costs between $5 million to $10 million or more. Even if you pay the ransom, it only accounts for a fraction of the total financial impact.
Preventing Ransomware Attacks
While no organization can be 100% secure from ransomware, following best practices can reduce the risk of an attack:
- Educate staff on cybersecurity – Train employees to recognize phishing emails and other social engineering tactics that deliver malware.
- Deploy antivirus/antimalware tools – Maintain active and frequently updated endpoint security on all systems and devices.
- Install software patches promptly – Apply latest security updates to operating systems, applications, browsers etc.
- Use strong passwords – Enforce complex passwords with multi-factor authentication where possible.
- Restrict and monitor remote access – Limit admin privileges and use VPNs for remote access.
- Back up critical data – Maintain regularly tested backups offline to avoid backup corruption.
- Monitor systems for threats – Employ centralized logging and security information event management (SIEM).
- Install email and spam filtering – Block dangerous file types, scan links, and filter out phishing attempts.
- Segment networks and firewalls – Prevent lateral movement between systems and access to backups.
Healthcare systems should take steps now to prevent falling victim to the crippling effects of ransomware. With cyberattacks against hospitals on the rise, organizations need to harden infrastructure and endpoints, provide user education, maintain top-tier backup systems, and establish an incident response plan for when an attack occurs.
Conclusion
Ransomware remains one of the most severe cyber threats facing healthcare organizations today. Major attacks can grind hospital operations to a halt, disrupt vital patient care services, and result in millions of dollars in damages and restoration costs. While ransom payments garner headlines, the full impact extends far beyond the ransom alone.
Recent major attacks like those on Universal Health Services and Ireland’s Health Service Executive spotlight the havoc ransomware can inflict on healthcare systems. With lives on the line, hospitals and clinics cannot afford prolonged shutdowns. Comprehensive security and backup protocols are essential to defend against ransomware and quickly rebuild when an attack strikes.
Healthcare leaders must take ransomware seriously and implement robust cybersecurity measures proactively. Staying vigilant and protecting infrastructure from compromise will help reduce the major risks that come with ransomware attacks in healthcare settings.
