Skip to main page content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2024 Apr 10;6(4):e1079.
doi: 10.1097/CCE.0000000000001079. eCollection 2024 Apr.

Ransomware Cyberattack Associated With Cardiac Arrest Incidence and Outcomes at Untargeted, Adjacent Hospitals

Thaidan T Pham  1 Theoren M Loo  2 Atul Malhotra  3 Christopher A Longhurst  4   5 Diana Hylton  6 Christian Dameff  4   7   8 Jeffrey Tully  6 Gabriel Wardi  3   7 Rebecca E Sell  9 Alex K Pearce  3
Affiliations

Ransomware Cyberattack Associated With Cardiac Arrest Incidence and Outcomes at Untargeted, Adjacent Hospitals

Thaidan T Pham et al. Crit Care Explor. .

Abstract

Objectives: Healthcare ransomware cyberattacks have been associated with major regional hospital disruptions, but data reporting patient-oriented outcomes in critical conditions such as cardiac arrest (CA) are limited. This study examined the CA incidence and outcomes of untargeted hospitals adjacent to a ransomware-infected healthcare delivery organization (HDO).

Design setting and patients: This cohort study compared the CA incidence and outcomes of two untargeted academic hospitals adjacent to an HDO under a ransomware cyberattack during the pre-attack (April 3-30, 2021), attack (May 1-28, 2021), and post-attack (May 29, 2021-June 25, 2021) phases.

Interventions: None.

Measurements and main results: Emergency department and hospital mean daily census, number of CAs, mean daily CA incidence per 1,000 admissions, return of spontaneous circulation, survival to discharge, and survival with favorable neurologic outcome were measured. The study evaluated 78 total CAs: 44 out-of-hospital CAs (OHCAs) and 34 in-hospital CAs. The number of total CAs increased from the pre-attack to attack phase (21 vs. 38; p = 0.03), followed by a decrease in the post-attack phase (38 vs. 19; p = 0.01). The number of total CAs exceeded the cyberattack month forecast (May 2021: 41 observed vs. 27 forecasted cases; 95% CI, 17.0-37.4). OHCA cases also exceeded the forecast (May 2021: 24 observed vs. 12 forecasted cases; 95% CI, 6.0-18.8). Survival with favorable neurologic outcome rates for all CAs decreased, driven by increases in OHCA mortality: survival with favorable neurologic rates for OHCAs decreased from the pre-attack phase to attack phase (40.0% vs. 4.5%; p = 0.02) followed by an increase in the post-attack phase (4.5% vs. 41.2%; p = 0.01).

Conclusions: Untargeted hospitals adjacent to ransomware-infected HDOs may see worse outcomes for patients suffering from OHCA. These findings highlight the critical need for cybersecurity disaster planning and resiliency.

Keywords: cardiac arrest; cyberattack; cybersecurity; outcomes; ransomware.

PubMed Disclaimer

Conflict of interest statement

Drs. Malhotra, Dameff, Wardi, and Pearce received support for article research from the National Institutes of Health (NIH). Dr. Malhotra received funding from Zoll, Jazz, Eli Lilly, and Livanova. ResMed gave a philanthropic donation to the University of California San Diego. Dr. Longhurst receives support from the Joan and Irwin Jacobs Center for Health Innovation. Dr. Dameff is supported by Career Development Award (1-K08-EB032477) from the National Institute of Biomedical Imaging and Bioengineering. Dr. Wardi’s institution received funding from the NIH (K23 GM146092) and National Foundation of Emergency Medicine; he received funding from Northwest Anesthesia. Dr. Sell received funding from Zoll. Dr. Pearce received funding from the National Heart, Lung, and Blood Institute (T32). The remaining authors have disclosed that they do not have any potential conflicts of interest.

Figures

Figure 1.
Figure 1.
Autoregressive integrated moving average (ARIMA) 4-yr (January 2016 to April 2021) monthly moving average and May 2021 forecast of cardiac arrests: all cardiac arrest (A), out-of-hospital cardiac arrest (OHCA) (B), and in-hospital cardiac arrest (IHCA) cases (C).
See this image and copyright information in PMC

References

    1. Neprash HT, McGlave CC, Cross DA, et al. : Trends in ransomware attacks on US hospitals, clinics, and other health care delivery organizations, 2016-2021. JAMA Health Forum 2022; 3:e224873. - PMC - PubMed
    1. Jarrett MP: Cybersecurity—a serious patient care concern. JAMA 2017; 318:1319–1320 - PubMed
    1. Landi H: Scripps Health Was Attacked by Hackers: Now, Patients Are Suing for Failing to Protect Their Health Data. Fierce Healthcare. 2021. Available at: https://www.fiercehealthcare.com/tech/following-ransomware-attack-scripp.... Accessed July 5, 2023
    1. Smart W: Lessons Learned Review of the WannaCry Ransomware Cyber Attack. 2018. Available at: https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-re.... Accessed August 8, 2023
    1. Dameff C, Tully J, Chan TC, et al. : Ransomware attack associated with disruptions at adjacent emergency departments in the US. JAMA Network Open 2023; 6:e2312270. - PMC - PubMed