Source URL: https://www.theregister.com/2024/10/24/ransomware_ripple_effect_hospitals/
Source: The Register
Title: Ransomware’s ripple effect felt across ERs as patient care suffers
Feedly Summary: 389 US healthcare orgs infected this year alone
Ransomware infected 389 US healthcare organizations this fiscal year, putting patients’ lives at risk and costing facilities up to $900,000 a day in downtime alone, according to Microsoft.…
AI Summary and Description: Yes
**Summary**: The text discusses the alarming rise of ransomware attacks on U.S. healthcare organizations, emphasizing the severe financial and health impacts of such incidents. It highlights specific data on the increase in patient care costs and how ransomware affects emergency medical services (EMS).
**Detailed Description**:
The report from Microsoft details the significant rise in ransomware targeting healthcare organizations in the U.S. The consequences of these attacks are dire, both for the healthcare facilities and the patients they serve. Key points include:
– **Scope of Attacks**:
– 389 U.S. healthcare organizations were infected by ransomware in the current fiscal year.
– Financial costs due to these attacks reach approximately $900,000 a day in downtime alone.
– **Monetary Impact**:
– Healthcare facilities affected incur an average admitted payment of $4.4 million after an attack.
– UnitedHealth’s expenses related to the Change Healthcare ransomware attack include $776 million for network restoration and $1.4 billion in increased medical care expenditures.
– The company’s CEO confirmed paying a $22 million ransom demand.
– **Patient Care Crisis**:
– The urgency of treatments, particularly for strokes, is placed at risk; a nearby hospital saw a dramatic increase in stroke code activations (from 59 to 103) and a 113.6% rise in confirmed strokes during the attack period.
– Reported cardiac arrests at a nearby hospital rose by 81%, with survival rates for out-of-hospital cardiac arrest cases plummeting from 40% to just 4.5% during ransomware-related disruptions.
– **Diversion of Emergency Services**:
– Ransomware attacks also lead to diversion of emergency medical services, with a reported 35.2% increase in EMS arrivals at other facilities when one hospital is compromised.
– **Threat Actor Landscape**:
– Attacks are typically carried out by organized groups, with ransomware-as-a-service contributing to a 300% increase in incidents due to reduced entry barriers for attackers.
– Notably active groups include those from Iran and Russia, with evidence pointing to Iranian actors collaborating with ransomware affiliates and Chinese groups exploiting these attacks for espionage.
This report serves as a crucial reminder of the intersection of cybersecurity and health services, illustrating the urgent need for security improvements in the healthcare sector to protect sensitive data and ensure patient safety. Security professionals and compliance regulators should be particularly aware of the implications of these findings, emphasizing proactive measures and enhanced cybersecurity protocols within healthcare infrastructures.