Healthcare Disruptions Rise Due to Ransomware Attacks

April 17, 2023

According to a new study, ransomware attacks against healthcare organizations have seen an uptick in the past two years. These cyberattacks that lock up computer systems and demand payment in order to unlock them disrupt hospitals’ operations and patient care.

Researchers examined data from HHS from 2016-2021 and discovered that ransomware attacks doubled between 2016-2021, rising from 43 to 91 incidents annually. Nearly half (44%) of these attacks disrupted healthcare delivery by causing electronic system downtime or cancellations of scheduled procedures.


Ransomware attacks are one of the most frequent cyberthreats hospitals and other healthcare organizations face. They typically involve hackers encrypting data and demanding payment in exchange for unlocking it.

Ransomware attacks on healthcare clinics, hospitals, delivery organizations and ambulatory surgical centers are on the rise in both frequency and sophistication. A recent study revealed that these attacks are having a detrimental impact on patient care and safety.

Researchers also noted that the number of cyber attacks is likely underestimated due to underreporting. Furthermore, the federal database designed to track such breaches lacks data that would give a comprehensive picture of how these breaches affect the industry.

Unfortunately, many healthcare organizations fail to report ransomware events as required by HIPAA. In fact, 54 percent of all analyzed attacks were reported outside of the legislated 60-day reporting window. As a result, these late reports may not accurately reflect the true scope of the issue, since they do not include confirmation that all encrypted information has been decrypted and restored.

Researchers from the Universities of Minnesota and Florida recently conducted a study that revealed an uptick in ransomware attacks against healthcare delivery organizations. These attacks expose personal health information for tens of millions of patients to potential risks.

They also discovered that ransomware attacks are exposing more protected health information (PHI) than ever before. Over five years, the annual number of ransomware attacks rose from 43 to 91, exposing nearly 42 million patients’ PHI.

Researchers found that this increases the probability that PHI could be compromised and put patient care at risk. Such attacks could result in lost productivity, delays in treatment or complications during procedures.

Health care organizations must act swiftly upon learning of a ransomware attack. They should contact federal and local law enforcement, learn about anti-ransomware resources, and restore any affected systems. If possible, they should also reevaluate their cybersecurity measures; doing so will help safeguard their systems against future attacks and protect them in the future.

Cancelled Procedures

Ransomware attacks against health care organizations disrupt care delivery, potentially leading to negative patient outcomes and placing patient safety in jeopardy. Indeed, the American Hospital Association calls these types of cyberattacks “threat-to-life crimes,” since they directly threaten a hospital’s capacity to provide medical care.

Ransomware not only exposes patients’ personal health information (PHI), but it can also disrupt hospitals’ electronic systems and force providers to use pen and paper charting, cancel scheduled procedures or divert ambulances from emergency rooms. This is especially true for large healthcare delivery organizations with multiple facilities that are more vulnerable to attack by cybercriminals.

Furthermore, the amount of time it takes an organization to restore its electronic systems and recover lost data from backups can be considerable. This makes ransomware an attractive target for malicious actors who aim to take advantage of weak security measures.

Over the past two years, ransomware attacks on health care delivery organizations have grown more sophisticated and targeted medical devices in addition to networks, servers, PCs and databases. These attacks can now access and steal PHI from organizations with greater frequency.

Researchers examined the number of ransomware attacks against US health care delivery organizations from 2016-2021, finding that they more than doubled from 2016 to 2021, exposing PHI for nearly 42 million patients. Nearly half (48) affected care delivery, with common disruptions including electronic system downtime (156 [41.7%], cancellations of scheduled care (38 [10.2%]) and ambulance diversion (16[4.3%]).

Recent examples of ransomware attacks occurred at Memorial Health, a Cleveland-based hospital that was forced to cancel surgery due to the attack on its network. While it’s uncertain if any patient information has been compromised, the hospital said they are working with the FBI on negotiations with hackers and have robust processes in place for protecting patient data.

Ambulance Diversion

Ransomware attacks are on the rise, and they’re hitting healthcare hard. A study published in December 2022 by JAMA Health Forum revealed that from 2016 to 2021 there were 374 attacks against healthcare delivery organizations that exposed nearly 42 million patients’ personal health information (PHI).

Due to this, healthcare disruptions are on the rise. Recently, Eskenazi Health in Indianapolis had to divert ambulances for hours due to a ransomware attack that shut down its IT systems. Furthermore, they cancelled elective surgery and radiology exams as a precautionary measure.

Diversion can be necessary to address overcrowding problems in hospitals. Unfortunately, it also has a detrimental effect, causing nearby hospitals to go on diversion status until they reach capacity, leading to even more bottlenecks and delays for other patients waiting for care.

Diversion may not seem like a big issue, but it has important ethical and practical repercussions for patients, families, EMS providers, physicians, nurses and hospitals. Unfortunately the situation is complex with no one-size-fits-all solution.

Ambulance diversion is often done to alleviate overcrowding in the Emergency Department (ED), but it could also be the result of a ransomware attack on a hospital’s network. When an ER goes on diversion, ambulances cannot transport trauma patients back to either that same ED or other nearby hospitals.

Delays in ambulance services can have a detrimental effect on patient care and safety, particularly for those suffering from serious illnesses. For instance, if an ambulance cannot transport patients to the ER due to diversion, then they won’t be able to receive care at the nearest hospital – which could be more than one mile away – until another one arrives.

This issue has the potential to have a devastating impact on patients’ lives, making it an issue that cannot be ignored. That is why some hospitals and at least one state have prohibited diversion altogether. But eliminating diversion by choice or mandate won’t solve the overcrowding problem without other strategies like restructuring schedules to better match demand or hiring additional staff members.

Patient Deaths

In the United States, no reported cases of patient death as a result of ransomware attacks have been documented. However, new research indicates that many healthcare organizations report an increase in patient mortality rates after such attacks.

According to a recent study by The Ponemon Institute, nearly 25% of healthcare providers reported an increased death rate after ransomware attacks. This could have an adverse effect on patients’ quality of life and health outcomes since they cannot access necessary care immediately following an attack.

Over a three year period from 2016-2021, 374 ransomware attacks targeted healthcare delivery organizations. These breaches exposed PHI of 41 987 751 million individuals and disrupted operational activities of these institutions. Despite increasing frequency and sophistication, ransomware attacks remain a serious threat for these healthcare delivery businesses.

Ransomware poses an especially high risk due to the evergreen nature of healthcare data. While financial information can be quickly altered, health records and medical histories are more intractable. This provides cybercriminals with a unique opportunity to exploit millions of patients’ personal details, potentially leading to long-term fraudulence.

Organizations are taking measures to combat ransomware attacks and mitigate the risk associated with healthcare data breaches. HIPAA Risk Analysis – Risk Management is one such example, helping uncover vulnerabilities and reminding organizations of their obligations to safeguard protected health information (PHI) year round.

Another way to prevent healthcare data breaches is conducting a risk assessment of connected vendors before signing any contracts. This can help determine how vulnerable the vendor is to ransomware attacks and whether it’s suitable for working with an attached hospital.

Though a risk assessment may seem like a small step, it can save an organization valuable time and money after an attack. Furthermore, it helps them create a strategy to address potential threats in the future. Furthermore, by performing this assessment they are able to estimate how long they need to recover from ransomware attacks before resumeing services.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

Security Practitioners Should Understand Their Business

Security Practitioners Should Understand Their Business

Discover why security practitioners should understand their business context for more effective cybersecurity strategies. With devastating data breaches and ransomware attacks dominating headlines and putting people’s lives at risk, cybersecurity has been elevated to...

Shadow Data is A Growing Risk

Shadow Data is A Growing Risk

Shadow data: A growing risk to your organization's security. Learn how to tackle and mitigate this growing threat. Businesses are embracing the cloud for multiple reasons, including cost savings and business acceleration. But these gains are accompanied by growing...

Delinea Adds New Features

Delinea Adds New Features

Delinea adds new features for its privilege manager and devops secrets vault that reduce friction on workstations and help balance security and velocity. This includes enhanced privilege elevation workflows and improvements to our native MacOS agent for the latest...

Recent Case Studies

Press Releases

News & Events


Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing



About Us