The Growing Threat: How Cyberattacks on Hospitals Are Becoming Deadly

In recent years, cyberattacks on healthcare facilities have evolved from mere financial nuisances to potentially lethal threats. As hospitals become increasingly dependent on digital systems, the impact of these attacks has grown more severe, with dire consequences for patient care and safety.

During the COVID-19 pandemic, cybercriminals exploited the chaos within healthcare systems, repeatedly disabling hospital networks when they were least prepared to respond. These attacks resulted in limited emergency services, canceled surgeries, and, tragically, increased mortality rates.

While exact mortality data related to cyberattacks remains challenging to collect, the evidence of their deadly impact is mounting:

• A 2021 study by Proofpoint and Ponemon Institute, examining over 600 healthcare facilities, found that 25% experienced increased death rates following ransomware attacks
• In 2020, a ransomware attack forced a Düsseldorf hospital to close its emergency department, resulting in a patient’s death during ambulance redirection
• An Alabama hospital faced a lawsuit after a newborn’s death was allegedly linked to the inability to perform critical tests due to a cyberattack

“2023 is shaping up to be another record-breaking year in terms of both the volume of attacks against healthcare and the amount of sensitive patient information stolen or compromised by these foreign-based cyber adversaries,” says John Riggi, national advisor for cybersecurity and risk at the American Hospital Association.

• The average cyberattack on a health system results in 19 days of disrupted patient care
• In extreme cases, disruptions can last up to four months
• A recent attack on CommonSpirit Health compromised personal data of over 600,000 patients

The threat extends beyond U.S. borders:

• Ireland’s health service experienced months-long disruptions affecting cancer treatments, maternity services, and COVID-19 vaccinations
• A Paris suburban hospital was forced to transfer critical care patients after its systems were encrypted
• These attacks could potentially trigger NATO’s Article 5 if linked to state actors

The Biden administration is making hospital cybersecurity a key priority, considering:

• Executive orders mandating specific healthcare cybersecurity standards
• Legislative efforts to enhance protection
• Increased support from agencies like the Cybersecurity and Infrastructure Security Agency (CISA)

While awareness of cybersecurity threats in healthcare has improved dramatically over the past 15 years, significant challenges remain. Many healthcare groups and hospitals still struggle to fully address cyber threats to their systems and legacy medical devices.

The transformation of cyberattacks from financial crimes to life-threatening events demands a new approach to hospital security and international response protocols. As these attacks become more sophisticated and deadly, the healthcare sector must adapt and strengthen its defenses to protect not just data, but human lives.

---

The stakes have never been higher, and the message is clear: cybersecurity in healthcare can no longer be treated as merely an IT issue – it’s now a matter of life and death.