BEWARE: Ransomware Attacks in Healthcare


By Staff Reporters



According to Healthcare Brew, the rising tide of ransomware attacks in healthcare is exacting a hefty price from hospitals and other medical providers who’ve had their data locked up by cyberattacks.

Healthcare providers face potential costs arising from more than just the initial ransom; targeted systems have seen lost patient revenue, the need for remediation, and additional recovery costs. And even the largest health systems in the country aren’t immune to the costly ripple effects, such as delayed patient care, including surgeries, that can linger even after an initial attack.

“Not only is the frequency [of ransomware attack] picking up, but I’d say the magnitude or the size is also getting bigger,” said Brian Tanquilut, a healthcare services analyst at Jefferies.

CommonSpirit Health, one of the nation’s largest hospital chains, was hit with a high-profile cyberattack in October. The system has not publicly disclosed the financial fallout, but a Dec. 1 update published on the company’s website said that the cyberattackers gained access to personal information for some patients and that an investigation is ongoing. Chad Burns, a spokesperson for CommonSpirit, declined requests for an interview.

A report from the cybersecurity firm Sophos determined that “the average remediation cost [from a ransomware attack] went up from $1.27 million in 2020 to $1.85 million in 2021.” For others, it’s much more costly.


Tenet Healthcare, a Dallas-based healthcare company, reported a loss of about $100 million attributed to a ransomware attack in April, according to its second-quarter earnings report. San Diego-based Scripps Health said a ransomware attack cost it nearly $113 million in May and June 2021 primarily due to lost revenue, along with recovery costs. Keep reading here.





Thank You


One Response

  1. Have you gone paperless yet, Doc?

    Regardless of what practice management software salespeople tell you, there is certainly no need to rush your decision. 

    “Ransomware gangs are starting to ditch encryption – Criminal gangs are using a new method to guarantee a ransomware payout: They’re ditching the part where they lock up a target firm’s systems by encrypting them and are skipping straight to holding the company’s precious data [patients’ health records] for ransom.”
    By Sam Sabin for Axios, Jan 13, 2023.

    Upon being informed that their dentist fumbled their HIPAA-protected personal information – data which could be made available to identity thieves through the dark web – how many patients would never return? I would guess that at least a third of them would find another dentist – perhaps a dentist who keeps paper records instead of digital.

    It gets worse. If the heist involves more than 500 individuals’ Protected Health Information, federal law demands that a public notice describing the incident be published in the local media to warn the community that the dentist should not be trusted with patients’ secrets.

    Dr. Darrell K. Pruitt DDS


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: