New tip sheet offers solid advice for covering hospital ransomware attacks


Paul Sisson
Paul Sisson

San Diego Union-Tribune health care reporter Paul Sisson was working on a home improvement project on a Sunday in early May when he received an urgent call from one of his editors. Scripps Health, the area’s second-largest health system in patient discharges, had announced that a cyberattack was forcing the shutdown of all computer systems in its four major hospitals, and the news desk needed help covering the issue. Sisson, an AHCJ member, jumped in, and ended up working until midnight.

Sisson said the typical email channels he used to contact the health system’s public affairs officers, its CEO and other sources were offline, and the hospital was limited in what it could confirm, forcing him to call on sources and skills cultivated during some 20 years of reporting. Despite Sisson’s experience, it was his first time covering a ransomware attack. He has compiled the lessons learned into a new tip sheet, which has been added to the Health IT Core Topic section of AHCJ’s website.

Fortunately, Scripps was able to restore its website by May 20, and its electronic health records and online patient portal by May 27, Sisson and other news sources reported. In a June 10 op-ed, Chris Van Gorder, the health system’s CEO, wrote about how Scripps worked with computer consulting and forensic firms, as well as federal law enforcement. It also pointed out how it was just one of many health systems targeted by ransomware attacks.

In 2020, there were 92 individual ransomware attacks affecting more than 600 clinics, hospitals and organizations and more than 18 million patient records, according to an analysis by Comparitech. That’s a 60% increase from 2019, the company found.

Health care entities impacted by ransomware attacks over the previous year include St. Lawrence Health System in New York, Sonoma Valley Hospital in California, Sky Lakes Medical Center in Oregon, and Universal Health Services, which provides services to more than 400 U.S.- and United Kingdom-based health care facilities. Just within the past few weeks, UF Health Central Florida and St. Joseph’s/Candler in Georgia have also been attacked.

The number of attacks targeting hospitals increased during the second half of first quarter 2021, according to a recent report by Radware. The company determined the pandemic played a large part in recent cybercriminal strategies. With health systems relying on remote operations and teleworking, hackers found new opportunities to target organizations’ internet connectivity.

“Health care organizations have had to manage and secure large volumes of patient data and provide 24×7 access to critical applications to ensure a quality user experience and the ability to protect lives,” Pascal Geenens, the company’s director of threat intelligence, wrote in a guest article for Healthcare IT Today. “As a result, health care remains one of the highest at-risk industries from cybercriminals.”

Even before COVID-19, the frequency, sophistication and severity of ransomware attacks on health care providers had increased, wrote John Riggi, senior advisor for cybersecurity and risk for the American Hospital Association, in a blog post about how ransomware attacks on hospitals have changed, and what can be done. Hospitals should proactively get to know appropriate staff at their local FBI and Department of Homeland Security offices, he said, as well as work internally to lessen the likelihood of a successful attack.

“Organized criminal gangs and military units have replaced rogue, individual hackers as the primary perpetrators,” he wrote. “Policies and approaches to protecting against ransomware need to change at the hospital, national and international levels, similar to how the approach to fighting terrorism evolved after 9/11.”

The AHA maintains a list of new and ongoing cybersecurity threats.

For more resources, see the previous AHCJ blog posts “Ransomware attacks on U.S. hospitals spike” and “What to know before diving into a health care cybersecurity story.”

Creative Commons License

Republish our articles for free, online or in print, under a Creative Commons license.

Karen Blum

Karen Blum is AHCJ’s health beat leader for health IT. She’s a health and science journalist based in the Baltimore area and has written health IT stories for numerous trade publications.