Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care

McLaren Health Care, one of Michigan’s largest hospital systems, is still recovering from a ransomware attack last week that caused outages in patient care services. This is yet another in a series of cyberattacks on healthcare providers, which can jeopardize the life and health of numerous patients in addition to inflicting financial damage. 

BlackCat, a prolific cybercriminal group, has taken credit for the McLaren attack and claims to have stolen six terabytes of data from the company’s servers, including patients’ protected health information. The group claims it was able to access the servers “due to negligence in network security and data storage.” McLaren, which serves more than 732,000 people through its 15 hospitals and over 100 primary care locations, was forced to shut down the computer networks at 14 facilities following the attack. The company says that its systems are now operational but that it is investigating what data hackers may have stolen.

This attack comes roughly a month after three Connecticut hospitals owned by Prospect Medical Holdings suffered a debilitating ransomware attack, which forced them to cancel or reschedule nearly half of their elective procedures. During the incident, the hospitals could not process X-rays or CT scans needed for stroke or heart attack victims. Ambulances also had to divert patients as far away as Massachusetts, causing delays in patient care.

Unfortunately, these effects are common when healthcare providers suffer cyberattacks. Ransomware can cripple everything from a provider’s financial systems to its medical equipment, reducing the ability of doctors to provide effective patient care. Affected providers may be forced to divert patients to more distant hospitals, possibly increasing mortality rates, waiting room times, and the number of patients who go unseen. Attacks on one facility can have effects across an entire region, limiting the availability of time-sensitive services in nearby hospitals forced to care for more patients.

News of the latest ransomware attacks coincides with the release of the Department of Homeland Security’s 2024 Homeland Threat Assessment, which concludes that ransomware hackers are on track for their second-most profitable year besides 2021. Optimists had hoped that ransomware would continue to decline following a slight reduction of revenues in 2022, but current figures indicate this is unlikely. This does not bode well for healthcare providers or their patients.  

In addition to improving cybersecurity in general, healthcare providers need to take steps to reduce the impact that cyberattacks have on patient care. Providers and industry groups should identify critical lifesaving services and secure them against disruption by segmenting them from the provider’s main networks to ensure continuity of service during a cyber crisis. Hospitals in the same geographic region should coordinate cyberattack contingency plans. The Department of Health and Human Services should help facilitate a foundational framework for these plans and assist hospitals most at risk. For patients in critical conditions, where mere minutes can mean dramatically different outcomes, ransomware is not just an economic issue or a cybersecurity issue. It is a direct threat to human life.

Michael Sugden is a research analyst and editorial associate with the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD). For more analysis from the author and CCTI, please subscribe HERE. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.