Healthcare Cyber Attacks
- Srishti Bhattacharya
- 4 days ago
- 3 min read
Article written by: Srishti Bhattacharya
Article designed by: Srishti Bhattacharya & Palak Tiwari
What is a healthcare cyberattack?
In 2024, about 92% of healthcare institutions and organizations experienced cyberattacks in the U.S., and these attacks averaged 19 days of downtime for these vital organizations. Cyberattacks against healthcare institutions are increasing through the years. Hackers break into patients’ personal electronic health records, harming patient privacy and safety. Important information about patients can be lost, such as names, addresses, social security numbers, insurance details, and medical information like diagnoses, medications, and other data. Cyberattacks that cause hospitals or other organizations to lose important information are dangerous for patients because it can cause identity theft, financial fraud, and blackmail. The biggest risk from loss of medical information is incorrectly treating patients, as altered/stolen records can create prescription errors. It causes long-term damage to patients’ medical history, which can affect their health horribly if never caught or fixed.
Cyberattacks do not only affect patients, as health institutions suffer from losing patients’ trust, lawsuits and financial consequences. When patients’ privacy and personal information are stolen, the patient and provider relationship is ruined because patients can no longer trust their doctors to safely treat them and keep their information private. Hospitals can be sued over cyberattacks and earn a bad reputation. They may face penalties and fines under HIPAA’s Privacy and Security Rules, which requires healthcare organizations to implement administrative, physical, and technical safeguards to protect electronic protected health information from cyberattacks. Hospitals also face heavy costs from attacks for system restoration and data recovery.
Large-scale cyberattacks can cripple hospital information systems by stopping networks, encrypting data, stealing patient information, and by causing malfunctioning medical equipment. The shutdown of hospital information systems makes all records of patient information, clinical operations, billing, appointments, and medical machines/resource management inaccessible. The inability for medical equipment to work and accessing medical information causes heavy costs for hospitals.
The canceled and delayed appointments cause immediate revenue loss. During the shutdown, emergency expenses on IT or information services, temporary staffing, and equipment rentals cost millions. Hospitals have to deal with restoration costs for equipment, and also increased labor costs as staff have to work longer hours in order to revert to manual systems. One day of downtime can cost healthcare organizations an average of 2 million dollars. In the case of a ransomware attack, where the attacker encrypts data to make it inaccessible for hospitals, hospitals may have to pay more millions to recover the data. In 2024, Change Healthcare, a subsidiary of UnitedHealth Group, experienced a ransomware attack by BlackCat ransomware group, which affected U.S. healthcare operations. This attack stole personal information from around 190 million people, and forced Change Healthcare to pay $22 million dollars for ransom.
Other negative effects of healthcare cyberattacks are research data and medical innovation loss. The theft or deletion of information can include important research and medical innovations that may contribute to the speedy recovery of patients and the cure of different diseases. These dangerous cyberattacks are the reason why healthcare organizations must keep safeguards and protect their data, their machines, their patients' privacy and safety.
Works Cited
Mishra, Vibhu. “Cyberattacks on Healthcare: A Global Threat That Can’t Be Ignored.” UN News, 8 Nov. 2024, news.un.org/en/story/2024/11/1156751.
“Cyberattacks on the Healthcare Sector.” Check Point Software, www.checkpoint.com/cyber-hub/cyber-security/what-is-healthcare-cyber-security/cyberattacks-on-the-healthcare-sector/.
Riggi, John. “The Importance of Cybersecurity in Protecting Patient Safety.” AHA Center for Health Innovation, 2024, www.aha.org/center/cybersecurity-and-risk-advisory-services/importance-cybersecurity-protecting-patient-safety.
Comments