A recent publication in the Journal of the American Medical Association posits that a cyberattack on a single hospital could inadvertently affect other nearby healthcare facilities. It was found that an increase in patient flow and lack of sufficient resources could result from a nearby facility experiencing a ransomware attack, potentially delaying critical services.
Further effects may encompass a surge in ambulance arrivals, extended waiting times, patients not being attended to, and prolonged patient stays. The researchers who carried out the study concluded that disruptions caused by cyberattacks on hospitals should be viewed as regional disasters.
The study proposes that ransomware and similar cyber threats causing significant disruptions to regional hospitals should be classified as disasters, thereby necessitating a collaborative approach in planning and response.
The frequency and sophistication of ransomware attacks on the healthcare sector have seen an uptick in the past decade, as observed in the study. This was particularly notable during the COVID-19 pandemic, when ransomware attacks placed additional strain on Health Delivery Organizations.
There has been heightened concern from Congress about the escalation in cyber threats facing the healthcare industry. Policies, legislation, and strategies aimed at addressing and lessening the impact of cyberattacks on the healthcare sector have been introduced by lawmakers over the past year.
Last year, a report by Sen. Mark Warner (D-Va.), the chair of the Senate Intelligence Committee, highlighted the increasing occurrence of bold and disruptive attacks on the healthcare sector. These attacks not only put sensitive personal information at risk but also cause treatment delays, ultimately leading to amplified distress and mortality.
Warner's report recommended that the federal government enhance cybersecurity risk prevention in the healthcare sector. It also suggested helping the private sector in curbing cyber threats and assisting healthcare providers in their response and recovery from cyberattacks.
Sens. Jacky Rosen (D-Nev.) and Bill Cassidy (R-La.) proposed a bill last year that would necessitate collaboration between the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services to bolster cybersecurity standards in the healthcare and public health sectors.
The healthcare sector is especially susceptible to ransomware attacks due to its handling of sensitive data and its responsibility for patient health and safety.