Cargando…
Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US
IMPORTANCE: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been...
Autores principales: | , , , , , , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
American Medical Association
2023
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10167570/ https://www.ncbi.nlm.nih.gov/pubmed/37155166 http://dx.doi.org/10.1001/jamanetworkopen.2023.12270 |
_version_ | 1785038703951872000 |
---|---|
author | Dameff, Christian Tully, Jeffrey Chan, Theodore C. Castillo, Edward M. Savage, Stefan Maysent, Patricia Hemmen, Thomas M. Clay, Brian J. Longhurst, Christopher A. |
author_facet | Dameff, Christian Tully, Jeffrey Chan, Theodore C. Castillo, Edward M. Savage, Stefan Maysent, Patricia Hemmen, Thomas M. Clay, Brian J. Longhurst, Christopher A. |
author_sort | Dameff, Christian |
collection | PubMed |
description | IMPORTANCE: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge. OBJECTIVE: To examine an institution’s emergency department (ED) patient volume and stroke care metrics during a month-long ransomware attack on a geographically proximal but separate health care delivery organization. DESIGN, SETTING, AND PARTICIPANTS: This before and after cohort study compares adult and pediatric patient volume and stroke care metrics of 2 US urban academic EDs in the 4 weeks prior to the ransomware attack on May 1, 2021 (April 3-30, 2021), as well as during the attack and recovery (May 1-28, 2021) and 4 weeks after the attack and recovery (May 29 to June 25, 2021). The 2 EDs had a combined mean annual census of more than 70 000 care encounters and 11% of San Diego County’s total acute inpatient discharges. The health care delivery organization targeted by the ransomware constitutes approximately 25% of the regional inpatient discharges. EXPOSURE: A month-long ransomware cyberattack on 4 adjacent hospitals. MAIN OUTCOMES AND MEASURES: Emergency department encounter volumes (census), temporal throughput, regional diversion of emergency medical services (EMS), and stroke care metrics. RESULTS: This study evaluated 19 857 ED visits at the unaffected ED: 6114 (mean [SD] age, 49.6 [19.3] years; 2931 [47.9%] female patients; 1663 [27.2%] Hispanic, 677 [11.1%] non-Hispanic Black, and 2678 [43.8%] non-Hispanic White patients) in the preattack phase, 7039 (mean [SD] age, 49.8 [19.5] years; 3377 [48.0%] female patients; 1840 [26.1%] Hispanic, 778 [11.1%] non-Hispanic Black, and 3168 [45.0%] non-Hispanic White patients) in the attack and recovery phase, and 6704 (mean [SD] age, 48.8 [19.6] years; 3326 [49.5%] female patients; 1753 [26.1%] Hispanic, 725 [10.8%] non-Hispanic Black, and 3012 [44.9%] non-Hispanic White patients) in the postattack phase. Compared with the preattack phase, during the attack phase, there were significant associated increases in the daily mean (SD) ED census (218.4 [18.9] vs 251.4 [35.2]; P < .001), EMS arrivals (1741 [28.8] vs 2354 [33.7]; P < .001), admissions (1614 [26.4] vs 1722 [24.5]; P = .01), patients leaving without being seen (158 [2.6] vs 360 [5.1]; P < .001), and patients leaving against medical advice (107 [1.8] vs 161 [2.3]; P = .03). There were also significant associated increases during the attack phase compared with the preattack phase in median waiting room times (21 minutes [IQR, 7-62 minutes] vs 31 minutes [IQR, 9-89 minutes]; P < .001) and total ED length of stay for admitted patients (614 minutes [IQR, 424-1093 minutes] vs 822 minutes [IQR, 497-1524 minutes]; P < .001). There was also a significant increase in stroke code activations during the attack phase compared with the preattack phase (59 vs 102; P = .01) as well as confirmed strokes (22 vs 47; P = .02). CONCLUSIONS AND RELEVANCE: This study found that hospitals adjacent to health care delivery organizations affected by ransomware attacks may see increases in patient census and may experience resource constraints affecting time-sensitive care for conditions such as acute stroke. These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster. |
format | Online Article Text |
id | pubmed-10167570 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2023 |
publisher | American Medical Association |
record_format | MEDLINE/PubMed |
spelling | pubmed-101675702023-05-10 Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US Dameff, Christian Tully, Jeffrey Chan, Theodore C. Castillo, Edward M. Savage, Stefan Maysent, Patricia Hemmen, Thomas M. Clay, Brian J. Longhurst, Christopher A. JAMA Netw Open Original Investigation IMPORTANCE: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge. OBJECTIVE: To examine an institution’s emergency department (ED) patient volume and stroke care metrics during a month-long ransomware attack on a geographically proximal but separate health care delivery organization. DESIGN, SETTING, AND PARTICIPANTS: This before and after cohort study compares adult and pediatric patient volume and stroke care metrics of 2 US urban academic EDs in the 4 weeks prior to the ransomware attack on May 1, 2021 (April 3-30, 2021), as well as during the attack and recovery (May 1-28, 2021) and 4 weeks after the attack and recovery (May 29 to June 25, 2021). The 2 EDs had a combined mean annual census of more than 70 000 care encounters and 11% of San Diego County’s total acute inpatient discharges. The health care delivery organization targeted by the ransomware constitutes approximately 25% of the regional inpatient discharges. EXPOSURE: A month-long ransomware cyberattack on 4 adjacent hospitals. MAIN OUTCOMES AND MEASURES: Emergency department encounter volumes (census), temporal throughput, regional diversion of emergency medical services (EMS), and stroke care metrics. RESULTS: This study evaluated 19 857 ED visits at the unaffected ED: 6114 (mean [SD] age, 49.6 [19.3] years; 2931 [47.9%] female patients; 1663 [27.2%] Hispanic, 677 [11.1%] non-Hispanic Black, and 2678 [43.8%] non-Hispanic White patients) in the preattack phase, 7039 (mean [SD] age, 49.8 [19.5] years; 3377 [48.0%] female patients; 1840 [26.1%] Hispanic, 778 [11.1%] non-Hispanic Black, and 3168 [45.0%] non-Hispanic White patients) in the attack and recovery phase, and 6704 (mean [SD] age, 48.8 [19.6] years; 3326 [49.5%] female patients; 1753 [26.1%] Hispanic, 725 [10.8%] non-Hispanic Black, and 3012 [44.9%] non-Hispanic White patients) in the postattack phase. Compared with the preattack phase, during the attack phase, there were significant associated increases in the daily mean (SD) ED census (218.4 [18.9] vs 251.4 [35.2]; P < .001), EMS arrivals (1741 [28.8] vs 2354 [33.7]; P < .001), admissions (1614 [26.4] vs 1722 [24.5]; P = .01), patients leaving without being seen (158 [2.6] vs 360 [5.1]; P < .001), and patients leaving against medical advice (107 [1.8] vs 161 [2.3]; P = .03). There were also significant associated increases during the attack phase compared with the preattack phase in median waiting room times (21 minutes [IQR, 7-62 minutes] vs 31 minutes [IQR, 9-89 minutes]; P < .001) and total ED length of stay for admitted patients (614 minutes [IQR, 424-1093 minutes] vs 822 minutes [IQR, 497-1524 minutes]; P < .001). There was also a significant increase in stroke code activations during the attack phase compared with the preattack phase (59 vs 102; P = .01) as well as confirmed strokes (22 vs 47; P = .02). CONCLUSIONS AND RELEVANCE: This study found that hospitals adjacent to health care delivery organizations affected by ransomware attacks may see increases in patient census and may experience resource constraints affecting time-sensitive care for conditions such as acute stroke. These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster. American Medical Association 2023-05-08 /pmc/articles/PMC10167570/ /pubmed/37155166 http://dx.doi.org/10.1001/jamanetworkopen.2023.12270 Text en Copyright 2023 Dameff C et al. JAMA Network Open. https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the terms of the CC-BY License. |
spellingShingle | Original Investigation Dameff, Christian Tully, Jeffrey Chan, Theodore C. Castillo, Edward M. Savage, Stefan Maysent, Patricia Hemmen, Thomas M. Clay, Brian J. Longhurst, Christopher A. Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US |
title | Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US |
title_full | Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US |
title_fullStr | Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US |
title_full_unstemmed | Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US |
title_short | Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US |
title_sort | ransomware attack associated with disruptions at adjacent emergency departments in the us |
topic | Original Investigation |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10167570/ https://www.ncbi.nlm.nih.gov/pubmed/37155166 http://dx.doi.org/10.1001/jamanetworkopen.2023.12270 |
work_keys_str_mv | AT dameffchristian ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus AT tullyjeffrey ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus AT chantheodorec ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus AT castilloedwardm ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus AT savagestefan ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus AT maysentpatricia ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus AT hemmenthomasm ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus AT claybrianj ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus AT longhurstchristophera ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus |