When describing the month of March there is an old saying: In like a lion, out like a lamb. I wonder if the same can be said for the state of ransomware in healthcare for 2023. I recently attended the American Hospital Association (AHA) Rural Leadership meeting in San Antonio and continually heard that a top concern is ransomware. How are hospitals being targeted? Who is targeting them? How should they plan and prepare for a breach and how do they ensure resiliency during the downtime?

On January 26, 2023, the Department of Justice (DOJ) announced that, following an extensive operation, the FBI were able to disrupt the Hive ransomware gang’s operations by distributing decryption keys to numerous victims mid-attack. It has been established that Hive’s victims included hospitals, U.S. K-12 schools, and other critical infrastructure entities. The question of “if” or “when” the victim of a ransomware attack should report and involve authorities comes up during every discussion involving cybersecurity incident response.

On 04 October 2022 CommonSpirit Health announced a cyberattack affecting its system of healthcare facilities. CommonSpirit Health operates more than 1,000 care sites and 140 hospitals in 21 states, including CHI (Catholic Health Initiatives) Health and MercyOne facilities in Iowa. CommonSpirit reported on their website that the attack affected their electronic medical record (EMR) and CHI Health and MercyOne have notified their patients that patient portals, electronic prescriptions, and scheduling have been affected, with some procedures delayed.