Scores of healthcare organizations suffered breaches and demands for ransom over the past year, and cybersecurity experts urge executives to be very engaged in protecting their systems.
It’s a story being repeated with disturbing regularity.
Hospitals and health systems of all sizes, in all areas of the country, are experiencing cyberattacks. In the first half of the year alone, more than 220 cyberattacks targeted health systems, according to the American Hospital Association. Hospitals are dealing with hackers infiltrating their computer systems and demanding ransom payments to restore their systems.
As Chief Healthcare Executive® continues reviewing our most popular stories of the year, we look at our stories on data and technology issues. In a sign that cyberattacks are indeed a top concern of health and hospital leaders, our top five tech stories this year all involve cybersecurity.
Cyberattacks can be very costly to hospitals financially, as the cost of the average healthcare breach has risen to nearly $11 million, according to an analysis by IBM Security.
However, cyberattacks are also having an impact on patient care, as hospitals have had to delay surgeries and divert ambulances due to attacks.
(Cybersecurity experts spoke with Chief Healthcare Executive® about emerging threats facing hospitals in this video. The story continues below.)
In early January, Chief Healthcare Executive® reviewed the largest cyberattacks and data breaches in the previous 12 months.
Hundreds of cyberattacks were reported in 2022, but the 11 largest breaches of private health data had one thing in common: Each affected more than 1 million individuals.
Some ransomware attacks are targeting hospitals, while other attacks have targeted firms providing services to health systems and medical practices.
Some breaches also involved systems reporting the unauthorized disclosure of patient information through tracking tools on their websites.
A medical group based in southern California was hit with a ransomware attack that potentially exposed the private health information of patients.
Regal Medical Group posted the information on its website in February. More than 3.3 million individuals may be affected, according to a filing with the U.S. Department of Health & Human Services’ Office of Civil Rights.
Regal said the breach, which it said originated from a “ransomware cyberattack,” occurred on or about Dec. 1, 2022.
Singing River Health System, which operates three hospitals on Mississippi’s Gulf Coast, confirmed that it was hit with a cyberattack in August. The attack forced the organization to take its computer systems offline.
Laurin St. Pe, Singing River’s interim CEO, told WLOX-TV in August that all of the computers at the system’s hospitals and clinics were offline.
“Literally, we are documenting on paper,” St. Pe said in August.
Ardent Health Services said it experienced a ransomware attack, which affected hospitals in several states.
Ardent, a for-profit system operating 30 hospitals and scores of other healthcare sites in six states, said the breach occurred on Thanksgiving. As a result of the attack, hospitals had to temporarily divert ambulances for several days after the attack. Ardent said earlier this month that it was making progress in its recovery efforts, but some elective surgeries were still being postponed. Electronic health records were taken offline, but they have been restored.
The organization says it has been working with authorities and other threat intelligence advisers since the attack.
The Hospital Sisters Health System, more commonly called HSHS, and Prevea, a physician group, said in August that they were affected by a cybersecurity attack.
Some procedures and appointments were postponed, the systems said.
Phone and email service was down temporarily, but HSHS has restored those services. Due to the heavy call volume, patients experienced long waits or dropped calls when they tried to reach clinics and hospitals.