\n\n“Cyberattacks on health systems are on a steady rise, and their costs are mushrooming. Experts said there are a variety of reasons for the increase, including that criminals are getting more advanced and more aspects of health care are online.<\/p>\n\n\n\n
When a cyberattack struck Sky Lakes Medical Center, a community hospital in southern Oregon, in late October 2020, its computers were down for three weeks. The most mundane tasks became arduous. Nurses had to check on critical patients every 15 minutes in case their vital signs changed. Doctors scribbled down their orders and the swelling mounds of paper took over whole rooms. In three weeks, the hospital ran through 60,000 sheets of paper.<\/p>\n\n\n\n
Sky Lakes had to rebuild or replace 2,500 computers and clean its network to get back online. Even after it hired extra staff, it took six months to input all the paper records into the system. In total, John Gaede, Sky Lakes director of information services, says his organization spent $10 million \u2014 a big expense for a nonprofit with roughly $4.4 million in annual operating income (the organization did not pay a ransom).<\/p>\n\n\n\n
For hospitals with limited budgets, there are questions about how well they can protect themselves. The attack on Sky Lakes was part of a wave of attacks in 2020 and 2021 connected to a criminal group in Eastern Europe<\/a>.<\/p>\n\n\n\n \u201cOur budgets typically have a margin of maybe 3 percenta year,\u201d Gaede said, \u201cbut we\u2019re supposed to compete with nation-state actors?\u201d<\/p>\n\n\n\n Health data is lucrative on the black market, making hospitals a popular target. Plus, if a health system has ransomware insurance, criminals may think they\u2019re guaranteed a payout. Ransomware ties up hospital records in encrypted files until a fee is paid.<\/p>\n\n\n\n \u201cBack when ransoms were $50,000, it was cheaper to pay them than to deal with a lawsuit that would have cost far more,\u201d says Omid Rahmani, associate director at Fitch Ratings, a credit rating agency, adding that ransoms now cost millions. \u201cThe landscape\u2019s changed and because of that the cyber insurance side has changed \u2014 and that\u2019s really connected to the rise of ransomware.\u201d<\/p>\n\n\n\n In its annual cost of a data breach report, IBM writes the global average cost of an attack on a health system rose from about $7 million to over $9 million in 2021. But remediating these violations in the U.S. can be far more expensive.”<\/p>\n\n\n\n