Just days after SickKids said it was back up and running after a LockBit ransomware attack, Toronto's University Health Network declared an IT outage affecting numerous digital systems across its network. 

WHY IT MATTERS

UHN, one of the largest health systems in Canada with three acute care hospitals and other facilities, warned patients at the onset of the outage that they may not be able to reach several departments and should expect significant delays when arriving for appointments.

The next day the hospital announced that there had been no breach of patient data, and indicated the outage was due to issues with its network.

"We are confident that this was not a cyberattack, and work throughout the night has restored virtually all systems and ensured that they are stable," UHN said in a statement posted to its website.

"There was no breach of patient data, as the problems with the systems were entirely internal."

For SickKids, it took weeks to recover from a ransomware attack in a process that was not without its hiccups.

THE LARGER TREND

Disruptions of any kind can compromise patient safety, and electronic health record outages and other system crashes can happen when infrastructure is overwhelmed.

In 2014 – when hacking attacks only accounted for 1% of unplanned EHR disruptions – hardware malfunctioning, internet connectivity problems, power failures and natural disasters caused patient care disruptions at nearly 60% of hospitals, the U.S. Health and Human Services found. 

At that time, 15% of hospitals experienced EHR dysfunction that impacted patient care; 9% rerouted patients due to the disruptions; and 20% of the outages lasted more than eight hours.

By comparison, 66% of healthcare organizations were hit by ransomware in 2021, often overwhelming nearby hospitals already confronting pandemic-era challenges with rerouted patients. 

Ransomware attacks also result in record-high costs and nearly half disrupt healthcare delivery – for weeks or months. 

While there is no end in sight for ransomware attacks, last July LockBit announced it now prefers data exfiltration and offered a $1 million payout for the personal identifiable information of high-profile individuals. They are not the only ransomware gang currently ditching encryption, Axios reports. 

ON THE RECORD

"We thank all of the people who worked throughout the night to ensure that we can be fully operational by end of day," UHN said.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS publication.