Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Personal health information of 42M Americans leaked between 2016 and 2021

Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled. Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers. Researchers from Jama Network analyzed trends in ransomware attacks […]

healthcare ransomware

Crooks have had access to the medical records of 42 million Americans since 2016 as the number of hacks on healthcare organizations doubled.

Medical records of 42 million Americans are being sold on the dark web since 2016, this information comes from cyberattacks on healthcare providers.

Researchers from Jama Network analyzed trends in ransomware attacks on US hospitals, clinics, and health care delivery organizations between 2016 and 2021.

Common operational disruptions included canceled appointments/surgeries, electronic system downtime, and ambulance diversion. The researchers calculated the operational disruption duration and other data related to the attacks.

From 2016 to 2021, the annual number of ransomware attacks passed from 43 to 91. 

“In this cohort study of 374 ransomware attacks, the annual number of ransomware attacks on health care delivery organizations more than doubled from 2016 to 2021, exposing the personal health information of nearly 42 million patients.” reads the report published by Jama Network. “During the study period, ransomware attacks exposed larger quantities of personal health information and grew more likely to affect large organizations with multiple facilities.”

healthcare ransomware

During the study period, the researchers documented 374 ransomware attacks on healthcare systems that exposed the personal health information (PHI) of 41 987 751 individuals.

The exposure of personal health information increased more than 11-fold, from roughly 1.3 million in 2016 to close to 16.5 million in 2021.

Approximately one in five (20.6%) healthcare organizations that suffered a ransomware attack were able to restore data from backups. For 15.8% of ransomware attacks, threat actors leaked stolen PHI by posting it on dark web forums.

Ransomware attacks mainly targeted clinics, followed by hospitals, other delivery organization types, ambulatory surgical centers, mental/behavioral health organizations, dental practices, and post–acute care organizations. 

Experts also reported that 52.9% of all ransomware attacks affected multiple facilities within the attacked organization.

“The results of this cohort study suggest that from 2016 to 2021, ransomware attacks on health care delivery organizations increased in frequency and sophistication. These attacks exposed PHI and frequently disrupted health care delivery, but further research is needed to more precisely understand the operational and clinical care consequences of these disruptions.” concludes the report. “As policy makers craft legislation aimed at countering the threat of ransomware attacks across multiple industries, we urge them to focus on the specific needs of health care delivery organizations, for which operational disruptions may carry substantial implications for the quality and safety of patient care.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, healthcare)

[adrotate banner=”5″]

[adrotate banner=”13″]