Dive Brief:
- California hospitals experienced decreased emergency department visits and inpatient admissions for weeks after a ransomware attack, according to a new study published in JAMA.
- Emergency visits and inpatient admissions fell by more than 8% at targeted hospitals in the week after an attack, and they dropped by more than 16% in the second week.
- Nearby, unattacked hospitals experienced elevated emergency department visits, suggesting “the consequences of such attacks are broader than the targeted hospitals,” according to the researchers.
Dive Insight:
Ransomware, a type of malware that denies users access to their data until a ransom is paid, has become a major threat to hospital operations.
Major hospital chains like Ascension and CommonSpirit have been targeted, and a ransomware attack against UnitedHealth’s technology firm Change Healthcare disrupted key tasks like claims processing and payment across the healthcare sector earlier this year.
Attacks against providers can have potentially serious effects on care delivery, and it sometimes takes weeks for hospitals to fully recover.
Ransomware can shut down electronic health records, delay scheduled procedures and force ambulances to divert to other facilities. In addition, some providers have reported an increase in patient mortality rates in the wake of a ransomware attack.
The latest study, which analyzed California emergency department and patient discharge data from 2014 to 2020, aimed to drill down on some of the healthcare impacts after hospitals were hit by an attack.
The researchers found emergency visits and inpatient admissions at targeted facilities returned to pre-attack levels within eight weeks.
At unattacked nearby hospitals, the study reported increases in emergency department visits for up to four weeks, reaching a more than 7% uptick in the third week after a ransomware attack. However, the researchers didn’t find statistically significant increases in inpatient admissions at nearby hospitals.