Date of Award


Degree Name

Healthcare Administration


College of Business

Type of Degree


Document Type

Research Paper

First Advisor

Alberto Coustasse


Introduction: The healthcare industry, particularly hospitals, have fallen prey to the alarming rise of ransomware attacks. In recent years, highly sophisticated cybergroups, armed with substantial funds and advanced technology, have intensified their focus on hospitals. Despite the advice against it, most hospitals have paid the ransom in order to regain access to their electronic systems and patient data, underlining the severity of these attacks.

Purpose of the Study: The purpose of this research was to evaluate the effects of ransomware attacks on hospitals in the US to determine if the patients were at risk due to hackers withholding patient information and causing equipment malfunctions, the associated operational and ransom costs, and the disruption of hospital business operations.

Methodology: This study utilized a literature review complemented by a semi-structured interview with a cybersecurity professor. Three electronic databases, Google Scholar, and other private and government websites were searched for this research, and 32 sources were referenced. Of these, 14 sources were used in the results section.

Results: The research showed that costs such as ransom payments, operations, revenue loss, remediation fees, and legal fines have increased over the last few years. As cybergroups become more sophisticated, the more costly ransomware attacks have become on hospitals in the US. The interconnectedness of hospital electronic systems and technology (i.e., imaging services, ventilators, infusion pumps, etc.) increased patient risk during ransomware attacks. Longer lengths of stay were reported during a ransomware attack. Hospital business operations were shown to be severely disrupted when ransomware attacks occurred. Canceled appointments/surgeries and ambulance diversions decreased patient volume during the first week of an attack.

Discussion/Conclusion: Ransomware attacks on hospitals in the US significantly impacted costs and business operations. The findings were inconclusive on whether patient risk increased due to ransomware attacks. Some publications showed an increase, while others did not. Further study was needed on all three outcomes due to recent ransomware attacks that have become more frequent and sophisticated.


Health services administration.

Health facilities -- Business management.

Data Privacy.

Hacking -- Economic aspects -- United States.