Healthcare Cyberattacks Linked to Disruptions at Neighboring Hospitals, Study Finds

May 10, 2023 - When one healthcare organization suffers a cyberattack, other facilities in the area feel its impact, a study published in JAMA Network Open suggested. Emergency medicine physician and self-taught hacker Christian Dameff, along with fellow University of California, San Diego experts, led the study efforts.

The study authors retrospectively analyzed two academic urban emergency departments adjacent to a healthcare organization in San Diego that was suffering a month-long ransomware attack impacting four of its facilities.

Specifically, researchers studied adult and pediatric patient volume and stroke care metrics at the two adjacent hospitals four weeks prior to the ransomware attack as well as during the attack and four weeks after the attack, observing significant disruptions along the way.

“Cyberattacks on health care delivery organizations are increasing in frequency and sophistication,” the study stated. “Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge.”

The study found that hospitals that are located near a hospital suffering a healthcare cyberattack may experience increased patient volumes and resource constraints that impact time-sensitive care for conditions such as acute stroke.

During the attack, there was a 15.1 percent increase in the daily mean emergency department census at the neighboring hospitals, as well as an uptick in patients leaving against medical advice, patients leaving without being seen, and a 47.6 percent increase in median waiting room times.

“These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster,” the study stated.

In addition, compared to the pre-attack phase, there was a 35.2 percent increase in mean ambulance arrivals during the attack, and a significant uptick in emergency department stroke code activations. There were 59 stroke code activations in the pre-attack phase, compared to 103 during the attack phase and 65 during the post-attack phase.

“Acute stroke care is an example of a time-sensitive, resource-intensive, technologically dependent, and potentially lifesaving set of complex actions and decisions requiring a readily available multidisciplinary team working in close coordination,” the study explained.

“Several of the hospitals targeted by the ransomware attack are stroke centers, necessitating the transport of these high-acuity patients to a reduced number of functioning stroke centers in the region.”

Thankfully, there were no specific increases in door-to-CT scan or stroke treatment times. However, it is possible that these disruptions could lead to negative patient outcomes in the future.

Equipped with these telling results, the study suggested that hospital systems develop cyberattack-specific emergency operations plans in coordination with regional partners in order to reduce disruptions amid a cyberattack.

Real-time threat sharing and tabletop drills may prove crucial in reducing disruptions and caring for high-risk patients during a cyberattack.

“Increasing cyberattack prevention efforts and operational resiliency across all health care systems should be a high national priority,” the study stated. 

“Further study on the association of cyberattacks with patient safety and quality of care is needed, although significant barriers to data collection and reporting remain given the reliance on affected electronic adverse event monitoring systems and HDO legal liability concerns.”