RESUMO
PURPOSE: Hospitals are increasingly the target of cybersecurity threats, including ransomware attacks. Little is known about how ransomware attacks affect care at rural hospitals. METHODS: We used data on hospital ransomware attacks from the Tracking Healthcare Ransomware Events and Traits database, linked to American Hospital Association survey data and Medicare fee-for-service (FFS) claims data from 2016 to 2021. We measured Medicare FFS volume and revenue in the inpatient, outpatient, and emergency room setting-at the hospital-week level. We then conducted a stacked event study analysis, comparing hospital volume and revenue at ransomware-attacked and nonattacked hospitals before and after attacks. FINDINGS: Ransomware attacks severely disrupted hospital operations-with comparable effects observed at rural versus urban hospitals. During the first week of the attack, inpatient admissions volume fell by 14.7% at rural hospitals (P = .04) and 16.9% at urban hospitals (P = .01)-recovering to preattack levels within 2-3 weeks. Outpatient visits fell by 35.3% at rural hospitals (P<.01) and 22.0% at urban hospitals (P = .03) during the first week. Emergency room visits fell by 10.0% at rural hospitals (P = .04) and 19.3% at urban hospitals (P = .01). Travel time and distance to the closest nonattacked hospital was 4-7 times greater for rural ransomware-attacked hospitals than for urban ransomware-attacked hospitals. CONCLUSIONS: Ransomware attacks disrupted hospital operations in rural and urban areas. Disruptions of similar magnitudes may be more detrimental in rural areas, given the greater distances patients must travel to receive care and the outsized impact that lost revenue may have on rural hospital finances.
RESUMO
This cross-sectional study assesses the increases and decreases over time in the number of pharmacy contracts, distance from contracting pharmacies, and proportion of pharmacy contracts with safety-net practices in the US.
Assuntos
Farmácias , Custos de Medicamentos , Custos e Análise de Custo , MarketingRESUMO
As cybercrime increasingly targets the health care sector, hospitals face the growing threat of ransomware attacks. Ransomware is a type of malicious software that prevents users from accessing their electronic systems-demanding payment to restore access. In response, momentum is gathering to enact policy that will help hospitals strengthen their cybersecurity defenses. However, to design effective policy, it is crucial to understand the characteristics of hospitals associated with the risk of ransomware attack. In this paper, we compare the characteristics of ransomware-attacked and non-attacked short-term acute care hospitals in the United States. Using data from the American Hospital Association's Annual Survey and the Healthcare Cost Report Information System, we found that ransomware-attacked hospitals were larger, had higher net operating revenue, were more likely to be financially profitable, and more likely to provide trauma, emergency, and obstetric care than non-attacked hospitals. Measures of information technology sophistication did not vary between ransomware-attacked and non-attacked hospitals. These results can be used to tailor policy interventions in order to most effectively respond to and prevent cybercrime in health care.
RESUMO
Importance: Anecdotal evidence suggests that health care delivery organizations face a growing threat from ransomware attacks that are designed to disrupt care delivery and may consequently threaten patient outcomes. Objective: To quantify the frequency and characteristics of ransomware attacks on health care delivery organizations. Design, Setting, and Participants: This cohort study used data from the Tracking Healthcare Ransomware Events and Traits database to examine the number and characteristics of ransomware attacks on health care delivery organizations from 2016 to 2021. Logistic and negative binomial regression quantified changes over time in the characteristics of ransomware attacks that affected health care delivery organizations. Main Outcomes and Measures: Date of ransomware attack, public reporting of ransomware attacks, personal health information (PHI) exposure, status of encrypted/stolen data following the attack, type of health care delivery organization affected, and operational disruption during the ransomware attack. Results: From January 2016 to December 2021, 374 ransomware attacks on US health care delivery organizations exposed the PHI of nearly 42 million patients. From 2016 to 2021, the annual number of ransomware attacks more than doubled from 43 to 91. Almost half (166 [44.4%]) of ransomware attacks disrupted the delivery of health care, with common disruptions including electronic system downtime (156 [41.7%]), cancellations of scheduled care (38 [10.2%]), and ambulance diversion (16 [4.3%]). From 2016 to 2021, ransomware attacks on health care delivery organizations increasingly affected large organizations with multiple facilities (annual marginal effect [ME], 0.08; 95% CI, 0.05-0.10; P < .001), exposed the PHI of more patients (ME, 66â¯385.8; 95% CI, 3400.5-129â¯371.2; P = .04), were less likely to be restored from data backups (ME, -0.04; 95% CI, -0.06 to -0.01; P = .002), were more likely to exceed mandatory reporting timelines (ME, 0.06; 95% CI, 0.03-0.08; P < .001), and increasingly were associated with delays or cancellations of scheduled care (ME, 0.02; 95% CI, 0-0.05; P = .02). Conclusions and Relevance: This cohort study of ransomware attacks documented growth in their frequency and sophistication. Ransomware attacks disrupt care delivery and jeopardize information integrity. Current monitoring/reporting efforts provide limited information and could be expanded to potentially yield a more complete view of how this growing form of cybercrime affects the delivery of health care.
