Hacking Your Health: Can Your Electronic Health Record be Hacked?

July 29, 2022

By: Christopher A. Iacono , Rebeca Himena Miller

Takeaway: With ransomware attacks increasing over the past few years, healthcare organizations can expect hackers to make ransom demands while holding their computer systems hostage.

Everything comes back in style. In the 90s, computer hackers learned how to infiltrate networks, hold them hostage, and demand payment to make them functional again.  Recently, this strategy has resurged in the healthcare industry, potentially placing people’s lives at risk.

From 2021 to 2022, the number of ransomware attacks on healthcare organizations skyrocketed by 94%. This resulted in two-thirds of healthcare organizations in the U.S. experiencing some form of a ransomware attack in 2021, up from 34% in 2020. According to cybersecurity experts, ransomware attacks on healthcare organizations were always common. But it is the increase in frequency and severity of these attacks now that is worrisome.

These attacks can have devastating consequences.  Most recently in San Diego, California, treatments at a chemotherapy facility were delayed and, at another healthcare facility, ambulances were diverted from the emergency room after computer systems were frozen by an attack. In 2021, the first lawsuit alleging “death by ransomware” occurred where a mom sued a hospital for fatal brain damage to her newborn after heart rate monitors failed because of an attack.

Healthcare facilities are high-profile targets because attackers know the facilities are willing to pay high ransoms to safeguard people’s lives. In fact, 61% of healthcare organizations paid attackers ransom to resolve a ransomware attack in 2021.

Most of these attacks are carried out by private criminal groups. Conti, a crime syndicate out of Russia, was traced back to 30% of ransomware attacks in 2021. And just two weeks ago, the FBI revealed in June that it successfully thwarted an attack from Iran on a children’s hospital in Boston.

As this unsophisticated tactic of the recent past resurfaces, organizations that utilize or transmit private health information must ensure that they are prepared. This may include implementing more comprehensive security systems, conducting employee training, or revamping their data security policies to minimize the threat of data breaches.

Here are additional articles about the latest health system data breaches:

News & Events

Related News

22 Pietragallo Lawyers Named in 2023 Pennsylvania Super Lawyers and Rising Stars
May 19, 2023
Pietragallo is pleased to announce that 22 lawyers have been named as 2023 Pennsylvania Super Lawyers and Rising Stars. Super Lawyers is a service of Thomson Reuters legal division which compiles a list of outstanding lawyers from more than 70 practice areas. Read More
Pietragallo earns the ACBA ALLY Certification
November 29, 2022
On November 10, 2022, Pietragallo was a part of the Allegheny County Bar Association’s first graduating class of the ALLY Initiative Cohort. Read More

Upcoming Events

Tonya Lupinacci to speak at Montgomery Bar Association’s Title IX CLE
June 5, 2023
On Monday, June 5, 2023, Tonya Lupinacci will speak at the Montgomery Bar Association’s Women in the Law CLE “Title IX: The Campus Disciplinary Process in Higher Education”. Read More
View More News & Events