"The reality of being locked up by ransomware is no longer a concern reserved solely for major health systems, once a primary target," Marion Renault reports for Stat. "Regional hospitals and specialty clinics are now also constantly warding off, and falling prey to, malicious cyberattacks as ransomware groups grow more opportunistic than ever. Federal databases detail a number of small providers — from pediatrics clinics to hearing centers, chiropractors and child abuse prevention non-profits — caught up in the sweep of attacks targeting the health care system. Such attacks "can be devastating for a health system of any size and scary for anyone relying on its care. But for smaller hospitals and practices, the costs — both to patients and to the bottom line — can be especially steep. Experts say that small, rural providers are also less likely to be prepared to defend, resolve and recover from a ransomware attack than their larger, urban counterparts."
An October 2020 ransomware attack on Sky Lakes Medical Center in Klamath Falls, Oregon, for example, hobbled the hospital for nearly a month, left patients with little or no care, and cost the hospital an estimated $10 million in lost services, replaced equipment and more, even though it didn't pay the ransom, Renault reports. Cyberattacks have driven some providers out of business, such as Brookside ENT in Michigan or Wood Ranch Medical in California. Hospitals survive, but the breakdown in care can cause patients to lose trust, and sometimes they sue for damages, Renault reports.