Some hospitals are one ransomware attack away from closing

Cyberattacks on hospitals can lead to serious implications for patient safety and privacy, but could force many hospitals in precarious financial positions to close their doors for good, Bloomberg reported June 23. 

Healthcare facilities have been hit with 266 digital incursions affecting 36 million people this year, with 2023 on track to exceed the number of cyberattacks last year, according to John Riggi, the national adviser for cybersecurity and risk at the American Hospital Association.

The costs and time taken to recover from a ransomware attack — which are becoming increasingly sophisticated — can be significant. Cyberattacks against hospitals, specifically, have tripled in the last five years. 

Chicago-based CommonSpirit estimates that the ransomware attack it suffered in October cost it about $160 million. The estimate includes lost revenues due to business disruption and extra costs to fix the IT issues.

The 143-hospital system, which posted $1.1 billion in operating losses for the nine-months ending March 31, reported 623,774 patients' data was breached during the attack and patients sued the system for failing to prevent the attack. 

Fortunately, CommonSpirit is confident of recovering much of the $160 million, "but we expect it to take some time," Benjie Loanzon, senior vice president of finance, said during a May 22 earnings call. 

On June 16, St. Margaret's Health closed its Spring Valley, Ill., hospital, five months after it closed its other hospital in Peru, Ill. The Spring Valley facility is believed to be the first healthcare facility to close because of a ransomware attack, which hospital officials said hampered its ability to submit claims to payers.

"You're dead in the water," Linda Burt, vice president of quality and community services at the hospital, told NBC News. "We were down a minimum of 14 weeks. And then you're trying to recover. Nothing went out. No claims. Nothing got entered. So it took months and months and months."

The cyberattack was also partly to blame for St. Margaret's decision to suspend operations at its Peru hospital.

Peoria, Ill.-based OSF Healthcare, a 15-hospital system operated by The Sisters of the Third Order of St. Francis, is in the process of buying and reopening the Peru hospital. 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars