In the News

Ransomware attacks on health care organizations are escalating and becoming more sophisticated, according to a study in the December 2, 2022, JAMA Health Forum. The number of annual attacks, in which malicious software is used to shut down an organization's access to computer systems until a ransom is paid, more than doubled between 2016 and 2021, increasing from 43 to 91. The attacks disrupted care in hospitals, clinics, ambulatory surgical centers, mental/behavioral health facilities, and dental practices and exposed the personal health information of nearly 42 million patients. Over time it became more likely that stolen data would become public, usually via the dark web, where samples of stolen data are posted to advertise what is available for sale. Stolen personal health care information was made public in 22% of the attacks in 2021, up from 14% in 2016. Disruptions in care delivery occurred in 44% of the attacks—including electronic health record downtime, delays or cancellations in care, and ambulance diversions—which jeopardizes patient safety and outcomes.