Study objective: Cyberattacks are an increasing threat to health care institutions which potentially impair patient outcomes. Current research is limited and focuses mainly on the technical consequences, whereas little is known about health care staff experiences and the effect on emergency care. This study aimed to explore the acute care effect of several large ransomware attacks against hospitals that occurred in Europe and the United States between 2017 and 2022.
Methods: This interview-based qualitative study assessed the experiences of emergency health care professionals and information technology (IT) staff and investigated the challenges during the acute and recovery phase of hospital ransomware attacks. The semistructured interview guideline was based on relevant literature and cybersecurity expert consultation. Transcripts were anonymized, and traceable information regarding participants and/or their organizations was removed for privacy purposes.
Results: Nine participants were interviewed, including emergency health care providers and IT-focused staff. Five themes were constructed from the data: effects and challenges regarding patient care continuity, challenges during the recovery process, personal effect on health care staff, preparedness and lessons identified, and future recommendations.
Conclusions: According to the participants of this qualitative study, ransomware attacks have a significant effect on emergency department workflow, acute care delivery, and the personal well-being of health care providers. Preparedness for such incidents is limited, and many challenges are encountered during the acute and recovery phase of attacks. Although there was profound hesitancy among hospitals to participate in this study, the limited number of participants provided valuable information that can be used to develop response strategies for hospital ransomware attacks.
Copyright © 2023 American College of Emergency Physicians. Published by Elsevier Inc. All rights reserved.