Ransomware attacks on health care organizations more than doubled from 2016 to 2021, compromising tens of millions of patients’ personal information and potentially jeopardizing their care.
In what is believed to be the first census of such attacks, investigators report in the journal JAMA Health Forum that 374 ransomware attacks were carried out against clinics, hospitals, dental offices, diagnostic laboratories, emergency medical services and other health care delivery organizations between 2016 and 2021. During that period, the annual number of attacks rose from 43 to 91. The attacks exposed the personal health information of nearly 42 million patients.
The study was conducted by researchers at the University of Minnesota and Beth A.Virnig, Ph.D., M.P.H., dean of the University of Florida College of Public Health and Health Professions, who joined UF last year from the University of Minnesota.
Unlike other data breaches that may be intended only to steal data, ransomware attacks introduce malware into organizations’ electronic systems that is designed to disrupt operations until payment demands are met.
“Like all health care organizations, the threat of ransomware attacks is one of our biggest security concerns,” said David R. Nelson, M.D., senior vice president for health affairs at UF and president of UF Health. “The finding that these attacks are becoming more frequent and more complex is particularly worrisome.”