Frederick Health Goes Offline Following Ransomware Attack – Patients at Risk

Frederick Health Hospital in Frederick, Maryland, experienced a ransomware attack Monday, prompting the organization to take its systems offline and divert ambulances to other emergency departments.

Despite the attack, Frederick Health facilities remained open and continued providing care, albeit with delays. “We are working closely with our third-party cybersecurity experts to bring our systems back online as quickly and safely as possible,” the Fredrick News Post quoted spokesperson Josh Faust as saying.

According to the Maryland Institute for Emergency Medical Services Systems (MIEMSS), the hospital declared a “mini disaster” early Monday, a status typically linked to emergencies like gas leaks or power outages. MIEMSS tracking indicated the emergency department had “suspended operation and can receive absolutely no patients.”

The hospital remains on red and yellow alert. Red alert signifies no available adult in-patient critical care beds, while yellow alert requests a halt to receiving new patients needing urgent medical care.  

Faust confirmed the emergency department was still accepting patients physically present on-site but could not comment on potential data breaches. Frederick County spokesperson Vivian Laxton added that the county had been informed of disruptions in the hospital’s communication systems.

Takeaway: Ransomware attacks on healthcare providers have devastating effects that extend beyond the targeted facility, creating a "blast radius" that negatively impacts patient care at neighboring hospitals as well.  

Research highlights the alarming consequences these cyberattacks have on patient outcomes, both at the affected hospitals and in the wider healthcare ecosystem.

One study found a direct link between ransomware attacks and negative patient outcomes, with increased mortality rates and more complications in medical procedures at hospitals who have been the victim of a ransomware attack.

Another study found that between 2016 and 2021, ransomware attacks contributed to between 42 and 67 patient deaths, as well as a 33% increase in death rates per month for hospitalized Medicare patients being treated at facilities that have suffered a ransomware attack.

But ransomware attacks on healthcare providers are not isolated events; they create system-wide repercussions that extend far beyond the targeted facility. The immediate impact on the victimized hospital is severe, as critical systems are rendered inoperable, causing delays in care, communication breakdowns, and heightened risks of medical errors.

However, the consequences also ripple outward, affecting neighboring healthcare facilities that must absorb diverted patients. This sudden influx of patients overwhelms staff, stretches already limited resources, and leads to overcrowding in emergency departments, further delaying care for all patients.

This "blast radius" affect can significantly compromise patient outcomes for an entire region.  

For instance, when neighboring hospitals are forced to operate beyond capacity, the quality of care deteriorates, increasing the likelihood of complications, longer wait times, and even preventable deaths.  

Ransomware attacks contribute to elevated mortality rates, not only at the targeted facility but also at hospitals within its network of care, amplifying the overall harm. But more research must be done to understand how much of a blast radius an attack actually has on surrounding providers.

A better understanding of the actual impact that ransomware attacks have on patient outcomes is critical to understanding whether we should continue to treat attacks on healthcare providers as criminal matters like an attack on a retailer or manufacturer, or whether we need a different set of responses when we know that lives are literally on the line.

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.