Cyber Attacks Are on the Rise in Hospitals, Incidences Have More Than Doubled in 5 Years

Hospitals have become an increasingly common target for cybercriminals in recent years, and the aftermath can be costly and life-threatening for patients.

Annual ransomware attacks on hospitals more than doubled from 2016 to 2021, according to a new report published on the JAMA Network. The number of incidences jumped from 43 in 2016 to 91 in 2021. Of the targeted hospitals, 44% said their ability to deliver healthcare was impacted by the breach.

John Riggi, a senior adviser for cybersecurity and risk at the American Hospital Association, wrote in a report that "a ransomware attack on a hospital crosses the line from an economic crime to a threat-to-life crime."

"Not only are cybercriminals more organized than they were in the past, they are often more skilled and sophisticated," he wrote.

One affected hospital, Johnson Memorial Health in Franklin, Indiana was targeted by the ransomware group "Hive," and the hackers demanded $3 million in Bitcoin in October 2021, NPR reported.

After consulting with cybersecurity experts at the FBI, Johnson Memorial did not pay the ransom and instead disconnected its servers following the attack.

However, the hospital had to revert to more old-fashioned ways to carry out healthcare — including physically guarding the obstetrics unit where newborns are typically protected from unauthorized parties by security bracelets and nurses using Google translate to communicate with patients after remote translation technology was shut off after the attack.

The hospital's chief operating officer, Rick Kester, told NPR that it took nearly six months to "resume normal operations."

Related: The Jaw-Dropping Range of Cybercrimes is Due to the Gap in the Cybersecurity Workforce

According to the Department of Justice, the Hive is responsible for over 1,500 cyberattacks since 2021 and has received more than $100 million in ransom payments. One of the affected hospitals also had to resort to analog methods to treat patients (similar to Johnson Memorial) and was unable to accept new patients immediately following the attack, the Department of Justice added.

For hospitals, the fear of being hacked isn't just monetary — it puts patients' lives at risk by derailing the technology necessary to carry out patient care.

"You ask many CEOs across the country, 'What keeps you up at night?' Of course, [they're] talking about workforce, financial pressures, and they say, 'The possibility of a cyberattack,' Riggi told NPR.

Related: This Type of Cyber Attack Preys on Your Weakness. Here's How to Avoid Being a Victim.