Healthcare ransomware attacks lead to uptick in ED visits at nearby hospitals

Ransomware attacks on hospitals are known to disrupt daily operations, often resulting in ambulance diversions and canceled appointments. But a research letter published in JAMA suggests that the effects of a ransomware attack on a single hospital reach further than just the targeted hospital, affecting neighboring facilities as well.  

Researchers analyzed emergency department (ED) and patient discharge data from the California Department of Health Care Access and Information, focusing on data collected between 2014 and 2020.

The results showed a temporary decrease in ED visits and inpatient admissions at hospitals targeted by ransomware attacks and a temporary increase in ED visits at nearby unaffected hospitals in California.

The researchers suggested that “the consequences of such attacks are broader than the targeted hospitals,” shedding light on how a ransomware attack against one hospital can impact an entire community’s care.

While the research letter revealed an uptick in ED visits at nearby unaffected hospitals, it showed no statistically significant changes in inpatient admissions in nearby hospitals.

The researchers accounted for several variables between hospitals to ensure the validity of the results by using a two-stage difference-in-differences regression model weighted by the number of hospital beds.

“This approach accounted for preexisting differences across hospitals and statewide outcome changes,” the letter stated. “We controlled for hospital teaching status, the number of intensive care units, critical care units, neonatal intensive care units, and operating rooms.”

Additionally, the researchers identified hospitals within the same hospital service area as the attacked hospital and compared outcomes at hospitals within a four-mile radius of the attacked hospital. If there were no hospitals within four miles, the researchers analyzed the two closest hospitals.

Researchers determined ransomware attacks by studying the HHS Office for Civil Rights data breach portal and cross-referencing it with media coverage and incident descriptions provided by the attacked hospitals.

Overall, the researchers identified eight ransomware attacks that disrupted 15 hospitals. In the first week after the attack, ED visits at attacked hospitals decreased by 8.10%, and inpatient admissions decreased by 8.16%. Those figures increased to 16.21% and 16.62% in the second week, respectively. Within eight weeks, the decreases returned to preattack levels.

“Limitations include the unavailability of post-2020 data and that 1 attack that was not disruptive was excluded, so the analysis might modestly overstate harms of ransomware attacks,” the research letter noted. “In addition, potential adverse health outcomes among patients were not addressed.”

Prior research and news have linked healthcare ransomware attacks to patient safety issues and increases in patient mortality. While HHS and industry groups have long made it clear that “cyber safety is patient safety,” more concrete data is needed to show the extent of the impacts.

A previous study published in JAMA Network Open in May 2023 also provided insight into how healthcare cyberattacks impact neighboring facilities. The 2023 study focused specifically on two academic urban emergency departments adjacent to a healthcare organization in San Diego that was suffering a month-long ransomware attack.

Like the most recent research letter, the 2023 study found that hospitals located near a hospital suffering a cyberattack may experience increased patient volumes.

This research adds to the growing body of evidence that cybersecurity is linked directly to patient care and safety.