What happens to rural hospitals during a ransomware attack? Evidence from Medicare data

Abstract

AbstractPurposeHospitals are increasingly the target of cybersecurity threats, including ransomware attacks. Little is known about how ransomware attacks affect care at rural hospitals.MethodsWe used data on hospital ransomware attacks from the Tracking Healthcare Ransomware Events and Traits database, linked to American Hospital Association survey data and Medicare fee‐for‐service (FFS) claims data from 2016 to 2021. We measured Medicare FFS volume and revenue in the inpatient, outpatient, and emergency room setting—at the hospital‐week level. We then conducted a stacked event study analysis, comparing hospital volume and revenue at ransomware‐attacked and nonattacked hospitals before and after attacks.FindingsRansomware attacks severely disrupted hospital operations—with comparable effects observed at rural versus urban hospitals. During the first week of the attack, inpatient admissions volume fell by 14.7% at rural hospitals (P = .04) and 16.9% at urban hospitals (P = .01)—recovering to preattack levels within 2‐3 weeks. Outpatient visits fell by 35.3% at rural hospitals (P<.01) and 22.0% at urban hospitals (P = .03) during the first week. Emergency room visits fell by 10.0% at rural hospitals (P = .04) and 19.3% at urban hospitals (P = .01). Travel time and distance to the closest nonattacked hospital was 4‐7 times greater for rural ransomware‐attacked hospitals than for urban ransomware‐attacked hospitals.ConclusionsRansomware attacks disrupted hospital operations in rural and urban areas. Disruptions of similar magnitudes may be more detrimental in rural areas, given the greater distances patients must travel to receive care and the outsized impact that lost revenue may have on rural hospital finances.