Department of Emergency Medicine, University of California, San Diego.
Department of Biomedical Informatics, University of California, San Diego.
JAMA Netw Open. 2023 May 1;6(5):e2312270. doi: 10.1001/jamanetworkopen.2023.12270.
IMPORTANCE: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge.
OBJECTIVE: To examine an institution's emergency department (ED) patient volume and stroke care metrics during a month-long ransomware attack on a geographically proximal but separate health care delivery organization.
DESIGN, SETTING, AND PARTICIPANTS: This before and after cohort study compares adult and pediatric patient volume and stroke care metrics of 2 US urban academic EDs in the 4 weeks prior to the ransomware attack on May 1, 2021 (April 3-30, 2021), as well as during the attack and recovery (May 1-28, 2021) and 4 weeks after the attack and recovery (May 29 to June 25, 2021). The 2 EDs had a combined mean annual census of more than 70 000 care encounters and 11% of San Diego County's total acute inpatient discharges. The health care delivery organization targeted by the ransomware constitutes approximately 25% of the regional inpatient discharges.
EXPOSURES: A month-long ransomware cyberattack on 4 adjacent hospitals.
MAIN OUTCOMES AND MEASURES: Emergency department encounter volumes (census), temporal throughput, regional diversion of emergency medical services (EMS), and stroke care metrics.
RESULTS: This study evaluated 19 857 ED visits at the unaffected ED: 6114 (mean [SD] age, 49.6 [19.3] years; 2931 [47.9%] female patients; 1663 [27.2%] Hispanic, 677 [11.1%] non-Hispanic Black, and 2678 [43.8%] non-Hispanic White patients) in the preattack phase, 7039 (mean [SD] age, 49.8 [19.5] years; 3377 [48.0%] female patients; 1840 [26.1%] Hispanic, 778 [11.1%] non-Hispanic Black, and 3168 [45.0%] non-Hispanic White patients) in the attack and recovery phase, and 6704 (mean [SD] age, 48.8 [19.6] years; 3326 [49.5%] female patients; 1753 [26.1%] Hispanic, 725 [10.8%] non-Hispanic Black, and 3012 [44.9%] non-Hispanic White patients) in the postattack phase. Compared with the preattack phase, during the attack phase, there were significant associated increases in the daily mean (SD) ED census (218.4 [18.9] vs 251.4 [35.2]; P < .001), EMS arrivals (1741 [28.8] vs 2354 [33.7]; P < .001), admissions (1614 [26.4] vs 1722 [24.5]; P = .01), patients leaving without being seen (158 [2.6] vs 360 [5.1]; P < .001), and patients leaving against medical advice (107 [1.8] vs 161 [2.3]; P = .03). There were also significant associated increases during the attack phase compared with the preattack phase in median waiting room times (21 minutes [IQR, 7-62 minutes] vs 31 minutes [IQR, 9-89 minutes]; P < .001) and total ED length of stay for admitted patients (614 minutes [IQR, 424-1093 minutes] vs 822 minutes [IQR, 497-1524 minutes]; P < .001). There was also a significant increase in stroke code activations during the attack phase compared with the preattack phase (59 vs 102; P = .01) as well as confirmed strokes (22 vs 47; P = .02).
CONCLUSIONS AND RELEVANCE: This study found that hospitals adjacent to health care delivery organizations affected by ransomware attacks may see increases in patient census and may experience resource constraints affecting time-sensitive care for conditions such as acute stroke. These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster.