By HFT Staff

A recent study has confirmed that healthcare cyberattacks not only cause disruption at the organization that experiences an attack but also at emergency departments at neighboring hospitals, where patients face longer wait times due to increased patient numbers which place a strain on resources. 

The study involved a retroactive analysis of two academic emergency departments operated by a healthcare delivery organization (HDO) in San Diego, which were in the vicinity of an unrelated HDO that experienced a ransomware attack. The researchers looked at adult and pediatric patient volume, emergency medical services diversion data, and emergency department stroke care metrics for four weeks prior to the attack, during the attack and four weeks after the attack. 

The ransomware attack in question occurred on May 1, 2021, and affected an HDO with four acute care hospitals, 19 outpatient facilities and more than 1,300 combined acute inpatient beds. The attack prevented access to electronic medical records and imaging systems and affected the HDO’s telehealth capabilities. Staff were forced to use pen and paper to record patient information and emergency traffic was redirected to unaffected facilities. The attack caused disruption for four weeks, and around 150,000 patient records were compromised. 

Related Content: Healthcare Facilities Wrestle with a New Era for Security

An attack on one hospital will often see patient numbers increase at neighboring hospitals, and the increased volume of patients and resource constraints impact time-sensitive care for health conditions such as acute stroke. The researchers found there were significant disruptions to services at the neighboring healthcare facilities, even though they were not targeted or directly affected by the ransomware attack. Compared to the period before the attack, there was a 15.1 percent increase in the daily mean emergency department census, a 35.2 percent increase in mean ambulance arrivals, a 6.7 percent increase in mean admissions, a 127.8 percent increase in patients leaving without being seen, a 50.4% increase in visits where patients left against medical advice and a 47.6 percent increase in median waiting room times. 

The researchers chose acute stroke care as an example of a time-sensitive, resource-intensive, technologically dependent and potentially lifesaving set of complex actions and decisions, that required a readily available multidisciplinary team working in close coordination. The researchers observed a 74.6 percent increase in stroke code activations and a 113.6 percent increase in confirmed strokes compared to the pre-attack phase. 

Since a ransomware attack on one hospital impacts other non-targeted healthcare facilities, the researchers suggest that ransomware and other cyberattacks should be classed as regional disasters. The researchers report no significant difference in door–to–CT scan or acute stroke treatment times but suggest the disruptions due to ransomware attacks could easily lead to negative patient outcomes. 

“These findings support the need for coordinated regional cyber disaster planning, further study on the potential patient care effects of cyberattacks, and continued work to build technical health care systems resilient to cyberattacks such as ransomware,” says the researchers, who also suggest this should be made a national priority given the increase in cyberattacks on healthcare organizations in recent years.