Medical records of 42 MILLION Americans leaked since 2016 as cyber attacks on hospitals double, report warns

Cybercriminals have gained access to the medical records of more than 40 million Americans since 2016, while the hacking of healthcare systems has doubled.

About half of the hacks caused dangerous healthcare disruptions, such as: B. Ambulance delays, canceled surgeries and problems accessing digital prescriptions.

One in six IT breaches resulted in personal health information being stolen and sold on the dark web, according to a report released today.

Researchers have warned that the increasing frequency and sophistication of cyberattacks in healthcare threatens both patient safety and privacy. They argue that the US government is failing to act against healthcare providers who do not support their systems quickly enough or who do not report ransomware attacks quickly enough.

Last month, DailyMail.com reported how a toddler in Iowa was accidentally given a megadose of opioids and how “urgent” cancer patients had their surgeries delayed by a month after a multi-state hospital’s IT system went down.

Up to 80 percent of the hacks resulted in business interruptions – for weeks

The latest analysis by researchers at the University of Minnesota in Minneapolis examined 374 ransomware attacks in the US between January 2016 and December 2021.

The results showed that the frequency of hacks more than doubled in that time, from 43 breaches in 2016 to 91 last year.

Cybercriminals also seem to be getting bolder, with attacks on large organizations increasing in several states.

Ransomware is a form of malware designed to block access to a computer system until a sum of money is paid.

Without access to patient records and other hospital programs, including drug delivery systems, doctors and nurses are effectively treating patients in the dark.

Almost half (44%) of ransomware attacks disrupted healthcare, with one in 10 resulting in canceled appointments or surgeries and 4% in ambulance diversions.

Overall, the medical records of 41.9 million Americans were accessed during that time, but hackers have become much more adept at obtaining patient information.

Boy (3), overdose and cancer patient missing after major burglary

Twenty million Americans were at risk of “dangerous” health care after a cyberattack on one of the nation’s largest hospital chains.

About 1.3 million records were opened in 2016, compared to more than 16.5 million in 2021 – an 11-fold increase.

In all 374 attacks, approximately one in five healthcare organizations were reportedly able to recover data from backups.

But for 16 percent of ransomware attacks, there was evidence that ransomware actors made some or all of the stolen medical information public, primarily by posting it on dark web forums.

Of hacks in the past five years, 9 percent caused disruptions that lasted two or more weeks.

Still, the researchers say the actual number of cyber attacks is “probably underestimated due to underreporting”.

Department of Health (HHS) guidelines state that healthcare providers must report a ransomware attack if more than 500 people are affected.

However, the researchers warn that there is confusion about whether hacking should be reported through official channels when it comes to encryption, but not the actual removal of data from computer systems.

The report states: “Furthermore, current reporting requirements lack an enforcement mechanism or penalty for non-compliance.

“Even if an organization reports an attack, there is no penalty for doing so beyond the 60-day legal time limit, which may explain the high percentage (53.5 percent) of ransomware attacks with delayed reporting.

“Rather than healthcare organizations correcting themselves when ransomware attacks become more common, we’ve seen an increase in the number of late-reported attacks over time.

“Defective attacks and late reporting present opportunities for lawmakers looking to increase data collection related to cyberattacks, particularly ransomware, to inform an informed and targeted policy response.”