As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.
Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during the COVID-19 pandemic to avoid attacking healthcare providers has been abandoned. It’s clear that hospitals are now fair game.
Ransomware attacks on the healthcare sector cause real harm to patients, impacting survival rates and threatening other critical services. And ransomware targeting other critical infrastructure carries serious implications for public health and safety.
Ransomware in life-and-death situations
Hospitals depend heavily on digital systems for managing patient care. When a ransomware attack strikes, these systems go offline, with often tragic results. Research highlights the risks: There’s been a 300% increase in ransomware attacks on healthcare since 2015. This led to a spike in emergency cases, including strokes and cardiac arrests, at hospitals overwhelmed by patients diverted from facilities hit by cyberattacks.
A study by the University of California San Diego showed that ransomware attacks on hospitals cause a spillover effect. This means neighboring hospitals see a surge in patients, leading to cardiac arrest cases jumping 81%. Survival rates also dropped for those cardiac arrest cases.
One recent example is the ransomware attack on Synnovis, a pathology services provider to the NHS in London. The attack caused problems with blood tests and transfusions, delaying crucial cancer treatments and elective procedures across several hospitals. This disruption illustrates a common trend in healthcare-related ransomware incidents: Delayed testing and procedures can become life-threatening as time-sensitive treatments are postponed or missed altogether.
In another study of two urban emergency departments adjacent to a healthcare organization under attack, researchers noted significant increases in patient volume, longer waiting times and increases in patient “left without being seen” rates. These delays, according to the study, underscore the need for a disaster response approach for such incidents.
In some cases, the tragic consequences of ransomware in healthcare have been documented in legal proceedings. In 2020, a woman sued an Alabama hospital, claiming that a ransomware attack had contributed to the death of her newborn daughter. The hospital’s computer systems were offline during delivery, preventing access to critical monitoring tools and allegedly leading to severe birth complications. While the case has been settled, it raises the question of whether similar events may have occurred without public awareness.
Ransomware impacts beyond healthcare
While the healthcare sector’s vulnerability to ransomware is uniquely tragic, other critical infrastructure sectors are also facing increased risks. When Colonial Pipeline, a major fuel distributor, was hit by ransomware in 2021, it led to fuel shortages across the Eastern U.S. Though no direct fatalities were reported, the panic that ensued may have resulted in at least one fatal car accident as people rushed to stockpile fuel.
In critical infrastructure sectors, the potential for loss of life or injury is significant. Attacks on power grids, water supplies and transportation systems could have severe consequences. Researchers warn that a ransomware attack on an energy grid, for example, could disrupt power to hospitals, emergency services and vulnerable populations, putting lives at risk. If the healthcare industry can serve as a lesson, the fallout from critical infrastructure attacks is not a hypothetical but a looming possibility.
How ransomware threats exploit vulnerabilities in healthcare
Healthcare facilities are attractive targets for ransomware for several reasons. First, they hold a wealth of sensitive patient data, including medical histories, personal information and financial details. Second, the cost of downtime in healthcare is especially high: when health centers are crippled by ransomware, people’s lives are at stake, making hospitals more likely to pay a ransom quickly. Healthcare ransomware incidents result in an average payment of $4.4 million, according to recent studies from the second quarter of 2024.
Additionally, healthcare facilities often use complex and outdated infrastructure, relying on an assortment of vendors and legacy systems that can be difficult to secure. A lack of centralized cybersecurity across networks further increases vulnerabilities, allowing ransomware groups to infiltrate systems and cause cascading disruptions.
Evidence of ransomware’s lethal potential
Although establishing a direct causal link between ransomware attacks and fatalities can be complicated, recent data provides compelling insights. One analysis estimates that from 2016 to 2021, between 42 and 67 Medicare patients died as a result of ransomware attacks. And this doesn’t include private insurer data. Research also highlights the broader health impacts, including reduced care quality and delayed treatments. During cyber incidents, hospitals often resort to manual processes that lack the safety checks and efficiency of electronic health records, increasing the risk of error and missed diagnoses.
The problem isn’t limited to fatalities. Ransomware-induced delays can exacerbate health issues, resulting in long-term complications and higher healthcare costs. A delayed diagnosis can mean the difference between life and death for conditions like heart disease, stroke and sepsis. Ransomware attacks may, therefore, lead to excess deaths, even if the connection is indirect.
The need for resilience against ransomware attacks
To mitigate the impact of ransomware on patient care, some hospitals have begun implementing ransomware response protocols, such as Children’s National Hospital’s “Code Dark” procedures. These response protocols are designed to maintain continuity of care when systems are down, including clear instructions for manual record-keeping, communication protocols and patient triage. Yet, these steps can only go so far. True resilience requires proactive measures like employee training, layered security controls and frequent system backups to minimize disruption.
As ransomware attacks grow more sophisticated, many in the cybersecurity industry argue for policy changes to address the threat. One critical need is better data sharing among healthcare facilities, cybersecurity experts and government agencies to track trends and respond quickly. Governments also need to classify healthcare cybersecurity as a matter of national security, allocating resources and support to help facilities improve resilience against ransomware and other cyber threats.
Addressing the growing ransomware threat
The threats to the healthcare sector provide a stark reminder of the broader risks ransomware poses to society. While healthcare providers are uniquely vulnerable, other critical infrastructure sectors are increasingly at risk. As demonstrated by the Colonial Pipeline incident, the ripple effects of ransomware can be felt across entire regions, affecting services as fundamental as fuel, water and transportation.
For cybersecurity professionals, the rise in ransomware attacks on critical services calls for a proactive approach to defense. This includes advocating for stronger industry standards, encouraging the use of robust cybersecurity tools and supporting cross-sector collaboration to prepare for and respond to attacks. The goal is clear: To minimize the risk that ransomware claims lives, either directly or through delayed access to essential services.