Cargando…

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US

IMPORTANCE: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been...

Descripción completa

Detalles Bibliográficos
Autores principales: Dameff, Christian, Tully, Jeffrey, Chan, Theodore C., Castillo, Edward M., Savage, Stefan, Maysent, Patricia, Hemmen, Thomas M., Clay, Brian J., Longhurst, Christopher A.
Formato: Online Artículo Texto
Lenguaje:English
Publicado: American Medical Association 2023
Materias:
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10167570/
https://www.ncbi.nlm.nih.gov/pubmed/37155166
http://dx.doi.org/10.1001/jamanetworkopen.2023.12270
_version_ 1785038703951872000
author Dameff, Christian
Tully, Jeffrey
Chan, Theodore C.
Castillo, Edward M.
Savage, Stefan
Maysent, Patricia
Hemmen, Thomas M.
Clay, Brian J.
Longhurst, Christopher A.
author_facet Dameff, Christian
Tully, Jeffrey
Chan, Theodore C.
Castillo, Edward M.
Savage, Stefan
Maysent, Patricia
Hemmen, Thomas M.
Clay, Brian J.
Longhurst, Christopher A.
author_sort Dameff, Christian
collection PubMed
description IMPORTANCE: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge. OBJECTIVE: To examine an institution’s emergency department (ED) patient volume and stroke care metrics during a month-long ransomware attack on a geographically proximal but separate health care delivery organization. DESIGN, SETTING, AND PARTICIPANTS: This before and after cohort study compares adult and pediatric patient volume and stroke care metrics of 2 US urban academic EDs in the 4 weeks prior to the ransomware attack on May 1, 2021 (April 3-30, 2021), as well as during the attack and recovery (May 1-28, 2021) and 4 weeks after the attack and recovery (May 29 to June 25, 2021). The 2 EDs had a combined mean annual census of more than 70 000 care encounters and 11% of San Diego County’s total acute inpatient discharges. The health care delivery organization targeted by the ransomware constitutes approximately 25% of the regional inpatient discharges. EXPOSURE: A month-long ransomware cyberattack on 4 adjacent hospitals. MAIN OUTCOMES AND MEASURES: Emergency department encounter volumes (census), temporal throughput, regional diversion of emergency medical services (EMS), and stroke care metrics. RESULTS: This study evaluated 19 857 ED visits at the unaffected ED: 6114 (mean [SD] age, 49.6 [19.3] years; 2931 [47.9%] female patients; 1663 [27.2%] Hispanic, 677 [11.1%] non-Hispanic Black, and 2678 [43.8%] non-Hispanic White patients) in the preattack phase, 7039 (mean [SD] age, 49.8 [19.5] years; 3377 [48.0%] female patients; 1840 [26.1%] Hispanic, 778 [11.1%] non-Hispanic Black, and 3168 [45.0%] non-Hispanic White patients) in the attack and recovery phase, and 6704 (mean [SD] age, 48.8 [19.6] years; 3326 [49.5%] female patients; 1753 [26.1%] Hispanic, 725 [10.8%] non-Hispanic Black, and 3012 [44.9%] non-Hispanic White patients) in the postattack phase. Compared with the preattack phase, during the attack phase, there were significant associated increases in the daily mean (SD) ED census (218.4 [18.9] vs 251.4 [35.2]; P < .001), EMS arrivals (1741 [28.8] vs 2354 [33.7]; P < .001), admissions (1614 [26.4] vs 1722 [24.5]; P = .01), patients leaving without being seen (158 [2.6] vs 360 [5.1]; P < .001), and patients leaving against medical advice (107 [1.8] vs 161 [2.3]; P = .03). There were also significant associated increases during the attack phase compared with the preattack phase in median waiting room times (21 minutes [IQR, 7-62 minutes] vs 31 minutes [IQR, 9-89 minutes]; P < .001) and total ED length of stay for admitted patients (614 minutes [IQR, 424-1093 minutes] vs 822 minutes [IQR, 497-1524 minutes]; P < .001). There was also a significant increase in stroke code activations during the attack phase compared with the preattack phase (59 vs 102; P = .01) as well as confirmed strokes (22 vs 47; P = .02). CONCLUSIONS AND RELEVANCE: This study found that hospitals adjacent to health care delivery organizations affected by ransomware attacks may see increases in patient census and may experience resource constraints affecting time-sensitive care for conditions such as acute stroke. These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster.
format Online
Article
Text
id pubmed-10167570
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher American Medical Association
record_format MEDLINE/PubMed
spelling pubmed-101675702023-05-10 Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US Dameff, Christian Tully, Jeffrey Chan, Theodore C. Castillo, Edward M. Savage, Stefan Maysent, Patricia Hemmen, Thomas M. Clay, Brian J. Longhurst, Christopher A. JAMA Netw Open Original Investigation IMPORTANCE: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge. OBJECTIVE: To examine an institution’s emergency department (ED) patient volume and stroke care metrics during a month-long ransomware attack on a geographically proximal but separate health care delivery organization. DESIGN, SETTING, AND PARTICIPANTS: This before and after cohort study compares adult and pediatric patient volume and stroke care metrics of 2 US urban academic EDs in the 4 weeks prior to the ransomware attack on May 1, 2021 (April 3-30, 2021), as well as during the attack and recovery (May 1-28, 2021) and 4 weeks after the attack and recovery (May 29 to June 25, 2021). The 2 EDs had a combined mean annual census of more than 70 000 care encounters and 11% of San Diego County’s total acute inpatient discharges. The health care delivery organization targeted by the ransomware constitutes approximately 25% of the regional inpatient discharges. EXPOSURE: A month-long ransomware cyberattack on 4 adjacent hospitals. MAIN OUTCOMES AND MEASURES: Emergency department encounter volumes (census), temporal throughput, regional diversion of emergency medical services (EMS), and stroke care metrics. RESULTS: This study evaluated 19 857 ED visits at the unaffected ED: 6114 (mean [SD] age, 49.6 [19.3] years; 2931 [47.9%] female patients; 1663 [27.2%] Hispanic, 677 [11.1%] non-Hispanic Black, and 2678 [43.8%] non-Hispanic White patients) in the preattack phase, 7039 (mean [SD] age, 49.8 [19.5] years; 3377 [48.0%] female patients; 1840 [26.1%] Hispanic, 778 [11.1%] non-Hispanic Black, and 3168 [45.0%] non-Hispanic White patients) in the attack and recovery phase, and 6704 (mean [SD] age, 48.8 [19.6] years; 3326 [49.5%] female patients; 1753 [26.1%] Hispanic, 725 [10.8%] non-Hispanic Black, and 3012 [44.9%] non-Hispanic White patients) in the postattack phase. Compared with the preattack phase, during the attack phase, there were significant associated increases in the daily mean (SD) ED census (218.4 [18.9] vs 251.4 [35.2]; P < .001), EMS arrivals (1741 [28.8] vs 2354 [33.7]; P < .001), admissions (1614 [26.4] vs 1722 [24.5]; P = .01), patients leaving without being seen (158 [2.6] vs 360 [5.1]; P < .001), and patients leaving against medical advice (107 [1.8] vs 161 [2.3]; P = .03). There were also significant associated increases during the attack phase compared with the preattack phase in median waiting room times (21 minutes [IQR, 7-62 minutes] vs 31 minutes [IQR, 9-89 minutes]; P < .001) and total ED length of stay for admitted patients (614 minutes [IQR, 424-1093 minutes] vs 822 minutes [IQR, 497-1524 minutes]; P < .001). There was also a significant increase in stroke code activations during the attack phase compared with the preattack phase (59 vs 102; P = .01) as well as confirmed strokes (22 vs 47; P = .02). CONCLUSIONS AND RELEVANCE: This study found that hospitals adjacent to health care delivery organizations affected by ransomware attacks may see increases in patient census and may experience resource constraints affecting time-sensitive care for conditions such as acute stroke. These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster. American Medical Association 2023-05-08 /pmc/articles/PMC10167570/ /pubmed/37155166 http://dx.doi.org/10.1001/jamanetworkopen.2023.12270 Text en Copyright 2023 Dameff C et al. JAMA Network Open. https://creativecommons.org/licenses/by/4.0/This is an open access article distributed under the terms of the CC-BY License.
spellingShingle Original Investigation
Dameff, Christian
Tully, Jeffrey
Chan, Theodore C.
Castillo, Edward M.
Savage, Stefan
Maysent, Patricia
Hemmen, Thomas M.
Clay, Brian J.
Longhurst, Christopher A.
Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US
title Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US
title_full Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US
title_fullStr Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US
title_full_unstemmed Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US
title_short Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US
title_sort ransomware attack associated with disruptions at adjacent emergency departments in the us
topic Original Investigation
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10167570/
https://www.ncbi.nlm.nih.gov/pubmed/37155166
http://dx.doi.org/10.1001/jamanetworkopen.2023.12270
work_keys_str_mv AT dameffchristian ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus
AT tullyjeffrey ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus
AT chantheodorec ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus
AT castilloedwardm ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus
AT savagestefan ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus
AT maysentpatricia ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus
AT hemmenthomasm ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus
AT claybrianj ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus
AT longhurstchristophera ransomwareattackassociatedwithdisruptionsatadjacentemergencydepartmentsintheus