Hospitals are vulnerable to cyberattacks, in which online networks are taken over, and a ransom is demanded to release them. Discussion about cyberattacks at hospitals has centred around privacy threats for years. If hacked, personal information about patients could be exposed and hospitals could face fines under the Health Insurance Portability and Accountability Act (HIPAA). Experts claim that now potential harm to patients during delayed treatments and diverted ambulances is of greater concern than privacy threats.
In April, the U.S. Department of Health and Human Services reported that cyberattacks are the primary and largest threat to hospitals in America, requiring immediate attention due to their potential to threaten lives. According to experts, the majority of hospitals are still insufficiently prepared to prevent and respond to the cybersecurity threat. Larger hospitals generally have the resources to invest in cybersecurity, unlike smaller facilities struggling with financial strain, particularly after the pandemic. According to the HHS report, nearly all the surveyed hospitals stated that they use software with 'known vulnerabilities'.
A study conducted in June 2023 proposed that cyberattacks on hospitals 'should be considered a regional disaster'. Hospitals facing cyberattacks may experience lethal consequences. However, healthcare providers and patients at neighbouring hospitals also experience adverse effects. The research affirms that cyberattacks on hospitals can trigger a domino effect on the healthcare system, resulting in delayed treatment and potential fatalities.
In January 2023, the University of Michigan Health encountered issues with its public websites caused by a cyberattack on a vendor. A ransomware cyber-attack in March 2023 targeted one of Barcelona's prominent hospitals, resulting in system shutdown and the cancellation of essential medical procedures, including surgeries. A study conducted in August 2022 revealed that medical devices represent a weak link in hospital cybersecurity, thereby endangering patients.
As cyberattacks on hospitals are likely to continue, it is important for hospitals to prepare to prevent attacks and plan how to respond when they occur. The threat to patient safety is real, and hospitals must take action to protect their patients and their networks.