Cyberattacks a Problem for Nearby EDs, Too

— Authors call for "coordinated regional surge planning" similar to natural disasters

MedpageToday
A photo of an upset looking woman sitting in front of two computer monitors announcing a ransomware attack.

A ransomware attack at one healthcare system had a significant impact on two neighboring emergency departments (EDs) that weren't targeted in the attack, researchers found.

Daily mean ED volume rose 15.1% at the two facilities, from 218.4 in the pre-attack period to 251.4 in the attack period (P<0.001), Christian Dameff, MD, MS, of the University of California San Diego, and colleagues reported in JAMA Network Open.

Mean ambulance arrivals rose 35.2% from 1,741 prior to the attack to 2,354 during the attack (P<0.001), and there was a 127.8% increase in visits where patients left without being seen (from 158 to 360, P<0.001).

The researchers also reported increases in patients who left against medical advice (50.4% increase), median waiting room times (47.6% increase), and median total length of stay for admitted patients (33.9% increase).

In the post-attack period, only some parameters -- such as EMS arrivals and patients who left against medical advice -- returned to pre-attack rates, the authors noted.

Anecdotal reports from clinicians said disruptions were most pronounced during the first 2 weeks of the attack, and were likely the result of "early chaos when no mitigations existed yet for hospitals to develop ad hoc workarounds," the researchers observed.

"Ransomware attacks on hospital systems have previously been reported to be costly and disabling," they wrote. "Increases in healthcare cybersecurity incidents suggest the need for coordinated regional surge planning similar to that conducted for natural disasters."

"Increasing cyberattack prevention efforts and operational resiliency across all healthcare systems should be a high national priority," they continued. "These findings support the need for coordinated regional cyber disaster planning, further study on the potential patient care effects of cyberattacks, and continued work to build technical healthcare systems resilient to cyberattacks such as ransomware."

The team noted that proper planning and coordination across groups of healthcare delivery organizations, such as hospitals, community health centers, and home health agencies in a designated region, could help mitigate the negative effects found in this analysis.

"Hospital systems infected with ransomware can likely reduce regional effects by developing cyberattack-specific emergency operations plans to minimize recovery times in addition to engaging regional partners to proactively plan for and drill for cyberattacks," the researchers wrote.

They suggested measures including limiting elective surgeries when an attack occurs at a nearby healthcare delivery organization. The investigators also highlighted the need to anticipate risks to specific individuals, such as stroke and trauma patients, and recommended that "measures to rapidly facilitate transfers among hospitals should be prioritized."

They noted, for example, that several hospitals in the targeted health system were stroke centers, which meant high-acuity patients needed to be transported to other stroke centers in the area. One of the two facilities saw a 74.6% increase in stroke code activations and a 113.6% increase in confirmed strokes from the pre-attack phase to the attack phase, they noted.

For their study, Dameff and colleagues examined adult and pediatric patient volume as well as stroke care data from two urban academic EDs in San Diego County. They collected data from the 4 weeks prior to a ransomware attack that occurred on May 1, 2021, and the period during the attack and initial recovery through May 28, 2021. They also collected data from the 4 weeks thereafter.

Ultimately, the analysis included data on 19,857 ED visits, including 6,114 prior to the attack phase, 7,039 during the attack phase, and 6,704 after the attack phase. The patient demographic data were similar in all three phases of the study, the researchers said.

  • author['full_name']

    Michael DePeau-Wilson is a reporter on MedPage Today’s enterprise & investigative team. He covers psychiatry, long covid, and infectious diseases, among other relevant U.S. clinical news. Follow

Disclosures

Dameff is supported by an award from the National Institutes of Health/National Institute of Biomedical Imaging and Bioengineering.

The authors reported no conflicts of interest.

Primary Source

JAMA Network Open

Source Reference: Dameff C, et al "Ransomware attack associated with disruptions at adjacent emergency departments in the US" JAMA Netw Open 2023; DOI: 10.1001/jamanetworkopen.2023.12270.