What Could Possibly Go Wrong? New Study Examines Aftermath of Cyberattacks

With the uptick in cyberattacks, the importance of cybersecurity is being reemphasized. However, there’s also the impact to operations—having to divert patients to other facilities for their care until the impacted facility recovers, which can take weeks.

A new JAMA study found that emergency room visits and inpatient admissions decrease after ransomware attack. Considering emergency department and patient discharge data from the state of California between 2014 and 2020 and identifying eight ransomware attacks that disrupted the operations of 15 hospitals, researchers gathered the following:

• Beginning with a mean of 740.9 emergency department visits and 182.25 inpatient admissions the week before the attack, there was a decrease of 8.10% and 8.16%, respectively, the following week.
• In the second week after the attack, emergency department visits and inpatient admissions increased by 16.21% and 16.62%, respectively.
• Decreases returned to preattack levels within eight weeks after the attack.

Nearby facilities unaffected by the attack saw an increase in emergency department visits and inpatient admissions for up to four weeks. The study did not note any significant changes to inpatient admissions at unaffected hospitals during this time.

The scope of the impact of the Change Healthcare ransomware attack has effectively left its mark on the healthcare sector, with some providers still struggling to recover financially.

“There is a newer wave of IT leaders that grew up from the operational side of business and weren’t just tech people,” Bill Arneson, director of business operational transformation at Moffitt Cancer Center, previously told HealthLeaders.

“I think those are the people that you need, someone that can speak business and IT to bridge those gaps.”