Ransomware's ripple effect felt across ERs as patient care suffers

389 US healthcare orgs infected this year alone


Ransomware infected 389 US healthcare organizations this fiscal year, putting patients' lives at risk and costing facilities up to $900,000 a day in downtime alone, according to Microsoft.

In a report published Tuesday, Redmond recounts the surging costs – both in terms of patient care and dollars, with the average admitted payment now up to $4.4 million – to hospitals hit by a ransomware attack as well as those nearby.

Keep in mind, these monetary figures are averages. UnitedHealth spent $776 million to date on network restoration and $1.4 billion on increased medical care expenditures as a result of the Change Healthcare ransomware attack in February.

Previously, the company's CEO admitted to paying the criminals' $22 million ransom demand.

The Microsoft paper, which cites both internal and third-party research, points to highly time-sensitive stroke treatment as an example. Stroke code activation at hospitals close to one suffering from a ransomware infection jumped from 59 to 103, while confirmed strokes skyrocketed 113.6 percent, from 22 to 47 cases, according to a 2023 study.

It also found reported cardiac arrests at a nearby hospital dealing with an infected hospital's overflow of patients increased 81 percent, from 21 cases to 38.

Meanwhile, survival rates for out-of-hospital cardiac arrests with favorable neurological outcomes plummeted, from 40 percent pre-ransomware infection to 4.5 percent during the incident.

These network intrusions also divert ambulances that are transporting people to hospitals and emergency clinics. Microsoft cites a 35.2 percent increase in emergency medical services (EMS) arrivals at other hospitals when one nearby is experiencing an attack.

Meet the scumbags attacking hospitals

While healthcare attacks are usually perpetrated by "highly organized and specialized threat actor groups," according to Microsoft, ransomware-as-a-service has significantly lowered the barrier to entry for would-be extortionists. This, coupled with Russia providing a safe harbor for ransomware gangs, has led to a 300 percent increase in attacks.

Still, Iranian groups have been the most active in terms of attempted attacks against healthcare orgs this year, according to Microsoft's threat intelligence data.

This echoes an August warning from the US government about Iran's Pioneer Kitten hacking into American networks, including hospitals, to steal sensitive data and then "collaborate with ransomware affiliate actors to deploy ransomware."

In addition to the Russians and Iranians, Chinese crews are also getting in on the healthcare ransomware game and using it as a cover for their government-backed espionage activity, Microsoft suggests. ®
