Cyberattacks on hospitals: A cyber pandemic on the rise

• Author:
• Author name

  Quantumrun Foresight
• November 23, 2021

The surge in cyberattacks on hospitals poses a significant threat to patient care and data security. These attacks not only disrupt critical healthcare services but also expose sensitive patient information, undermining trust in healthcare institutions. To counter this, a shift in priorities is required, with increased investment in cybersecurity infrastructure and personnel, and the implementation of robust data protection measures.

The context for cyberattacks on hospitals

According to the US Department of Health and Human Services, cyberattacks targeting hospitals have increased by nearly 50 percent since 2020. These hackers encrypt or lock up hospital data so that healthcare professionals cannot access critical files like patient records. Then, to unlock the medical data or hospital systems, hackers demand a ransom in exchange for the encryption key. 

Cybersecurity has always been a weak spot for healthcare networks, but the increase in cyberattacks and reliance on telemedicine have made cybersecurity increasingly vital for this sector. Multiple cases of health sector cyberattacks made the news in 2021. One case involved the passing of a woman who was turned away by a hospital in Germany whose operations were impaired by a cyberattack. Prosecutors attributed her death to the delay in treatment caused by the cyberattack and sought justice against the hackers. 

The hackers encrypted data that coordinated doctors, beds, and treatments, reducing the hospital’s capacity by half. Unfortunately, even after the hackers provided the encryption key, the decryption process was slow. As a result, it took hours to undo the damage. Establishing legal cause is difficult in medical cases, especially if the patient suffers from a severe illness. However, experts believe that the cyberattack made the situation worse. 

Another hospital in Vermont, US, struggled with a cyberattack for over a month, making patients unable to schedule appointments and leaving doctors in the dark about their schedules. In the US, there have been over 750 cyberattacks in 2021, including incidents where hospitals have been unable to administer computer-controlled cancer treatment. 

Disruptive impact

The long-term implications of cyberattacks on hospitals are far-reaching and could significantly impact the healthcare sector. One of the most immediate concerns is the potential for disruption of critical patient care. A successful cyberattack could compromise hospital systems, leading to delays or errors in diagnosis and treatment. This disruption could have serious consequences for patients, particularly those requiring immediate or ongoing care, such as individuals in emergency situations or those with chronic conditions.

The rise in telemedicine, while beneficial in many ways, also presents new challenges in terms of cybersecurity. As more patient consultations and medical procedures are conducted remotely, the risk of data breaches increases. Sensitive patient information, including medical histories and treatment plans, could be exposed, leading to potential violations of privacy and trust. This incident could deter individuals from seeking necessary medical care out of fear that their personal information could be compromised.

For governments and healthcare organizations, these threats require a shift in priorities. Cybersecurity needs to be considered a critical aspect of healthcare provision, requiring significant investment in infrastructure and personnel. This investment could lead to the creation of new roles within healthcare organizations, focused specifically on cybersecurity. In the long term, this could also influence the education sector, with more emphasis placed on cybersecurity within healthcare-related IT programs.

Implications of cyberattacks on hospitals

Wider implications of cyberattacks on hospitals may include: 

• Hospitals and health networks accelerating their digital modernization efforts to replace vulnerable legacy systems with more robust digital platforms that are more resilient against cyberattacks.
• Future incidents leading to patient deaths as hospitals are either forced to temporarily close down, redirect emergency care to other hospitals, or are forced to operate using outdated methods until hospital network access is restored.
• Illegally accessed patient records being sold online and potentially used for blackmail and impacting certain people’s access to employment or insurance. 
• New legislation increasing the liability of patent harm and deaths toward cybercriminals, increasing the costs and jail time cybercriminals would face if caught.
• Future patient-driven, class action lawsuits being directed at hospitals that do not adequately invest in their cybersecurity.
• A potential increase in medical errors due to system disruptions from cyberattacks, leading to decreased patient trust in healthcare institutions.
• The development of more robust cybersecurity measures in healthcare, leading to enhanced data protection and patient privacy.

Questions to consider

• Do you think hackers are responsible for the death of patients that receive delayed treatment due to a cyberattack? 
• Why do you think cyberattacks increased during the COVID-19 pandemic?