Key points are not available for this paper at this time.
Importance: Cyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge. Objective: To examine an institution's emergency department (ED) patient volume and stroke care metrics during a month-long ransomware attack on a geographically proximal but separate health care delivery organization. Design, Setting, and Participants: This before and after cohort study compares adult and pediatric patient volume and stroke care metrics of 2 US urban academic EDs in the 4 weeks prior to the ransomware attack on May 1, 2021 (April 3-30, 2021), as well as during the attack and recovery (May 1-28, 2021) and 4 weeks after the attack and recovery (May 29 to June 25, 2021). The 2 EDs had a combined mean annual census of more than 70 000 care encounters and 11% of San Diego County's total acute inpatient discharges. The health care delivery organization targeted by the ransomware constitutes approximately 25% of the regional inpatient discharges. Exposure: A month-long ransomware cyberattack on 4 adjacent hospitals. Main Outcomes and Measures: Emergency department encounter volumes (census), temporal throughput, regional diversion of emergency medical services (EMS), and stroke care metrics. Results: This study evaluated 19 857 ED visits at the unaffected ED: 6114 (mean SD age, 49.6 19.3 years; 2931 47.9% female patients; 1663 27.2% Hispanic, 677 11.1% non-Hispanic Black, and 2678 43.8% non-Hispanic White patients) in the preattack phase, 7039 (mean SD age, 49.8 19.5 years; 3377 48.0% female patients; 1840 26.1% Hispanic, 778 11.1% non-Hispanic Black, and 3168 45.0% non-Hispanic White patients) in the attack and recovery phase, and 6704 (mean SD age, 48.8 19.6 years; 3326 49.5% female patients; 1753 26.1% Hispanic, 725 10.8% non-Hispanic Black, and 3012 44.9% non-Hispanic White patients) in the postattack phase. Compared with the preattack phase, during the attack phase, there were significant associated increases in the daily mean (SD) ED census (218.4 18.9 vs 251.4 35.2; P < .001), EMS arrivals (1741 28.8 vs 2354 33.7; P < .001), admissions (1614 26.4 vs 1722 24.5; P = .01), patients leaving without being seen (158 2.6 vs 360 5.1; P < .001), and patients leaving against medical advice (107 1.8 vs 161 2.3; P = .03). There were also significant associated increases during the attack phase compared with the preattack phase in median waiting room times (21 minutes IQR, 7-62 minutes vs 31 minutes IQR, 9-89 minutes; P < .001) and total ED length of stay for admitted patients (614 minutes IQR, 424-1093 minutes vs 822 minutes IQR, 497-1524 minutes; P < .001). There was also a significant increase in stroke code activations during the attack phase compared with the preattack phase (59 vs 102; P = .01) as well as confirmed strokes (22 vs 47; P = .02). Conclusions and Relevance: This study found that hospitals adjacent to health care delivery organizations affected by ransomware attacks may see increases in patient census and may experience resource constraints affecting time-sensitive care for conditions such as acute stroke. These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster.
Dameff et al. (Mon,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: