Fri | Jan 5, 2024 | 4:37 AM PST

Ransomware continues to pose an alarming threat to critical infrastructure, with the healthcare sector being particularly vulnerable to its devastating effects. This malicious software has the power to disrupt medical facilities and compromise patient care, making it a pressing issue that demands immediate attention.

A recent report from Emsisoft sheds light on the impact of these attacks, highlighting that ransomware incidents are not just a financial burden but pose a tangible risk to human lives.

In 2023, the United States witnessed a surge in ransomware attacks, with 46 hospital systems comprising 141 hospitals directly impacted. The consequences of such attacks extend beyond financial losses, reaching a critical point where patient care is jeopardized.

The report emphasizes that every second counts in medical emergencies, and delayed access to treatment due to ransomware attacks can result in adverse outcomes, including fatalities or permanent disabilities.

Ambulances rerouted from ransomed hospitals, delayed requisitions and tests, and inaccessible electronic health records contribute to compromised patient care. The report cites incidents where patients received incorrect medication doses due to hospital computer systems being down, underscoring the potentially life-threatening consequences of such attacks.

It is estimated that between 2016 and 2021, ransomware attacks led to the deaths of between 42 and 67 Medicare patients.

The impact of ransomware is not confined to the targeted hospitals alone. The report refers to research indicating that nearby hospitals dealing with additional patients due to ransomware-induced disruptions may experience "resource constraints affecting time-sensitive care for conditions such as acute stroke." This highlights the domino effect that ransomware attacks can have on healthcare delivery at a regional level, categorizing them as a regional disaster.

In addition to the immediate threats posed by ransomware attacks on healthcare facilities, Emsisoft's report reveals that at least 32 out of the 46 impacted hospital systems had information, including protected health information, stolen. This compounds the challenges, as patient data breaches have long-term implications for individuals' privacy and can lead to further complications in managing and preventing medical identity theft.

Emsisoft's report makes a compelling case for the urgent need to ban ransom payments. Acknowledging the potential short-term challenges such a ban may pose, the report emphasizes that the long-term benefits far outweigh these concerns.

Darren Williams, CEO and Founder at BlackFog, discussed this with SecureWorld News:

"The ban on ransomware payments is an important step to combat the growing ransomware problem in the U.S. and globally. Ransomware's demonstrated danger to the healthcare system is increasingly alarming. While cyberattacks can be a major disruption to any organization, they can be especially crippling for hospitals and healthcare facilities, with large volumes of confidential data subject to data exfiltration, putting patients' lives at risk.

While paying a ransom may seem like a viable solution, it only contributes to extensive harm in the long term. If cybercriminals know hospitals or other businesses are willing to cooperate, they are likely to continue with their attacks. Implementing a ban on ransomware payments, specifically for hospitals, will ensure that payment is not possible, and hopefully deter cybercriminals from targeting the healthcare industry."

By making ransomware attacks financially unviable, a ban on payments could effectively curb the growing trend of attacks and protect not only financial assets but, more importantly, human lives.

As ransomware attacks continue to escalate, the healthcare sector emerges as a frontline victim, with potentially dire consequences for patients. The Emsisoft report serves as a clarion call for immediate and decisive action, urging governments and healthcare institutions to prioritize cybersecurity measures that can safeguard not only sensitive data but the lives that depend on the uninterrupted functioning of medical facilities.

The time to act is now, as the longer ransomware remains unchecked, the more lives are at risk.

Follow SecureWorld News for more stories related to cybersecurity.