
Ransomware Attacks on US Hospitals Trigger Significant Ripple Effects on Neighboring Facilities


A study published in the JAMA Network presents evidence that ransomware attacks on healthcare delivery organizations (HDOs) lead to substantial disruptions in patient care and emergency department workflows. The study focused on an attack that occurred on May 1, 2021, on an HDO consisting of four acute care hospitals and 19 outpatient facilities. The breach compromised the records of nearly 150,000 patients, and the operational disruption persisted for four weeks.

The study reveals that, during the cyberattack period, neighboring healthcare facilities not directly affected by the attack saw significant increases in daily emergency department volume, ambulance arrivals, admissions, and patients who left without being seen or left against medical advice.

Stroke Care Compromised: Stroke care, a time-critical service, was particularly impacted, with a significant increase in emergency department stroke code activations and confirmed strokes during the cyberattack period. However, the times for acute stroke treatment and CT scans remained constant, indicating that healthcare providers were able to maintain care standards under pressure.

The Urgency for Cybersecurity: The report underscores the increasing need for improved cybersecurity measures in healthcare systems, as ransomware attacks continue to surge, causing extensive operational, financial, and patient care implications. The cost of such attacks extends beyond the initial ransom and includes potentially millions of dollars in damages due to prolonged disruption of critical hospital infrastructure.

Mitigating Cyberattacks: Despite improved awareness and focus on cybersecurity, the study emphasizes the need for continued work, suggesting that hospital systems can reduce the regional effects of cyberattacks by developing emergency operation plans specific to cyberattacks, coordinating regional surge planning, and increasing real-time information sharing on cyber threats.

By CircleID Reporter
