Imagine having a patient in urgent need of a blood transfusion, but not being able to access their patient record to determine their blood type. These are crucial moments that can determine whether a patient will survive, but healthcare workers are left at an impasse when crucial files are withheld from them. 

Healthcare is one of the most vulnerable industries to cyber attacks in the United States. According to data from the FBI Internet Crime Complaint Center, one-fourth of all ransomware attacks in 2022 targeted organizations within the health and public health sector. Ransomware attacks are the most common form of cyber attacks that healthcare organizations face. Ransomware attacks are when a cyber attacker encrypts files and data on a system so that the organization cannot access it and then demands a ransom in exchange for decryption. Sophos’ annual ransomware report revealed that, on average, it takes $1.85 million dollars to remediate the attack, which is the second highest cost across all sectors. 

As soon as a cyber attack is detected, hospital administration will issue a “Code Dark”, signaling staff to disconnect all internet-connected devices to reduce the impact and reach of the threat. While under attack, healthcare workers lose the ability to access things like electronic patient records, imaging services, and some diagnostic services needed to carry out patient care. Ambulances are redirected, appointments are inaccessible, and surgeries are postponed. The effects spill over as the hospital is forced to send patients to other nearby hospitals, leaving them to deal with an overflow of incoming patients in need of care.

Patient data also faces a great risk. In the process of carrying out ransomware attacks, attackers are obtaining Protected Health Information (PHI), data protected under HIPAA that can identify a patient. This includes extremely revealing information including names, social security numbers, addresses, license plate numbers, etc. In the United States in 2022, over 50 million individuals were affected by healthcare data breaches. These cases of breached records leave patients exposed to identity theft and blackmail. 

With attacks becoming increasingly more sophisticated, the safety of patients is being put more at risk year after year. Organizations have no choice but to continue investing in cybersecurity infrastructure to prevent cyber attacks before they even begin. The healthcare industry is unlike many others when it comes to risks from a cyber attack since for them lives are on the line.