Presentation
HE1 - “I’m Scared for My Patients and My License”: Exploring Nurses’ Experiences in Hospitals Affected by Ransomware Attacks With Insights From Reddit
SessionPoster Session 2
DescriptionIntroduction:
Since 2023, the global average cost of a data breach has increased by 10%, reaching $4.88 million (IBM Cost of Data Breach Report, 2024). Healthcare remains the most expensive sector for recovery, with an average cost of $9.77 million per breach—the highest for the fourteenth consecutive year. According to the World Health Organization, cyberattacks against healthcare institutions surged fivefold during the pandemic (Carton et al., 2022). A significant driver of these attacks is ransomware, which nearly doubled in frequency between 2022 and 2023 (Office of the Director of National Intelligence). Ransomware is a type of malware that encrypts data, rendering systems unusable until a ransom is paid to restore access (Chaurasia et al., 2018). Hospitals are especially vulnerable due to their often outdated data protection measures, vital need for records, use of unspecialized browsers and operating systems, valuable patient information, and many caregivers and staff with access to technical equipment which can be lost or stolen (Javaid et al., 2023). This vulnerability has been demonstrated by high-profile attacks in 2024 on Change Healthcare and Ascension, where hackers successfully extorted large payments (Lee et al., 2024). The potential disruption caused by ransomware attacks on healthcare institutions is substantial. Critical systems such as computers, electronic health records, internal communication networks, digital medication systems, laboratory equipment, and radiology systems can be rendered inoperable (Van Boven et al., 2024). These disruptions directly impact patient care, resulting in delayed treatments, compromised health outcomes, and even increased mortality (McKeon, 2022; Ralston, 2020; Van Boven et al., 2024).
While the technical consequences of ransomware attacks have been widely studied, little is known about the impact on nursing staff. Previous research has highlighted the difficulty of obtaining direct participation from healthcare organizations on this sensitive topic. Concerns related to security, liability, damage to reputation, and a sense of failure may deter organizations and staff from openly discussing their experiences (Van Buren et al., 2024). To overcome these barriers, we chose to analyze posts from nurses on Reddit, a social media platform that fosters anonymity and encourages candid discussions. By using Reddit, we can access firsthand accounts that might not be shared in traditional research settings due to privacy concerns. This approach allows us to gather unfiltered insights into nurses' experiences during and after ransomware attacks. Through this study, we aim to assess the impact of ransomware attacks on nurses' workflows, their ability to provide patient care, and their personal well-being, drawing on the perspectives shared in this open forum.
Methods:
We are conducting an inductive thematic analysis of 38 posts with 2,190 comments from the subreddit /r/nursing, a community frequented by English-speaking nurses. The posts were selected based on keywords related to cyberattacks. For each submission, we collected metadata, including the number of upvotes, number of comments, time created, post links, and the full post text. Additionally, for each comment under a submission, we recorded several details: the number of upvotes, time created, controversial score, whether or not the post was gilded, the number of reports, any removal reason if the comment was deleted, total awards received, the user’s flair (self-identification as RN, BSN, MSN, or nursing student, among others), and the comment text. We utilized PRAW (Python Reddit API Wrapper) to gather this data. PRAW is a tool that allows researchers to interact with Reddit’s API, making it possible to retrieve information such as posts, comments, user details, and community-specific data.
To generate an initial codebook, the lead coder reviewed a subset of posts and performed an inductive thematic analysis, examining the post titles, full content, and all associated comments. If a post included a link, the coder also reviewed the linked content for additional context. Most posts were assigned more than one code, with codes identifying key content related to the research questions, such as disruptions to nurses' workflows, challenges in patient care, and the personal well-being of nurses. To provide context for each post, the coder also examined user flairs, which offered insights into the professional roles of contributors, such as whether they worked in ICU, NICU, Pediatrics, Oncology, Telemetry, OB/GYN, Med/Surg, or were Nursing students, among others.
Results:
Although data coding is still in progress, several key themes have emerged. Nurses frequently described the challenges they faced in patient care during ransomware attacks, particularly in the acute phases when hospital systems were down. These challenges included performing required medication double checks, difficulties stemming from paper charting—such as losing important documents and having trouble accurately identifying patients—and missed orders. Nurses also reported frequent overrides with the Pyxis machine. The recovery process was described as equally strenuous, with many nurses struggling to restore normal workflows. Tasks that were typically quick became at least twice as time-consuming, all while they managed increased stress from patients. Nurses also faced financial stresses, such as delayed and inaccurate paychecks, and expressed concerns about their personal data. Additionally, the psychological toll of these attacks has become apparent. Nurses reported heightened levels of stress and anxiety, with many considering quitting. Another prominent theme was the perceived lack of hospital preparedness for handling cyberattacks, leading to concerns that when—not if—mistakes were made, the hospital would not support them.
Conclusion:
Preliminary findings suggest that cyberattacks have a significant impact on nurses’ mental well-being, which may, in turn, compromise patient safety. Recent research aligns with this, showing increased mortality rates in hospitals affected by cyberattacks, emphasizing the severity of the issue.
Since 2023, the global average cost of a data breach has increased by 10%, reaching $4.88 million (IBM Cost of Data Breach Report, 2024). Healthcare remains the most expensive sector for recovery, with an average cost of $9.77 million per breach—the highest for the fourteenth consecutive year. According to the World Health Organization, cyberattacks against healthcare institutions surged fivefold during the pandemic (Carton et al., 2022). A significant driver of these attacks is ransomware, which nearly doubled in frequency between 2022 and 2023 (Office of the Director of National Intelligence). Ransomware is a type of malware that encrypts data, rendering systems unusable until a ransom is paid to restore access (Chaurasia et al., 2018). Hospitals are especially vulnerable due to their often outdated data protection measures, vital need for records, use of unspecialized browsers and operating systems, valuable patient information, and many caregivers and staff with access to technical equipment which can be lost or stolen (Javaid et al., 2023). This vulnerability has been demonstrated by high-profile attacks in 2024 on Change Healthcare and Ascension, where hackers successfully extorted large payments (Lee et al., 2024). The potential disruption caused by ransomware attacks on healthcare institutions is substantial. Critical systems such as computers, electronic health records, internal communication networks, digital medication systems, laboratory equipment, and radiology systems can be rendered inoperable (Van Boven et al., 2024). These disruptions directly impact patient care, resulting in delayed treatments, compromised health outcomes, and even increased mortality (McKeon, 2022; Ralston, 2020; Van Boven et al., 2024).
While the technical consequences of ransomware attacks have been widely studied, little is known about the impact on nursing staff. Previous research has highlighted the difficulty of obtaining direct participation from healthcare organizations on this sensitive topic. Concerns related to security, liability, damage to reputation, and a sense of failure may deter organizations and staff from openly discussing their experiences (Van Buren et al., 2024). To overcome these barriers, we chose to analyze posts from nurses on Reddit, a social media platform that fosters anonymity and encourages candid discussions. By using Reddit, we can access firsthand accounts that might not be shared in traditional research settings due to privacy concerns. This approach allows us to gather unfiltered insights into nurses' experiences during and after ransomware attacks. Through this study, we aim to assess the impact of ransomware attacks on nurses' workflows, their ability to provide patient care, and their personal well-being, drawing on the perspectives shared in this open forum.
Methods:
We are conducting an inductive thematic analysis of 38 posts with 2,190 comments from the subreddit /r/nursing, a community frequented by English-speaking nurses. The posts were selected based on keywords related to cyberattacks. For each submission, we collected metadata, including the number of upvotes, number of comments, time created, post links, and the full post text. Additionally, for each comment under a submission, we recorded several details: the number of upvotes, time created, controversial score, whether or not the post was gilded, the number of reports, any removal reason if the comment was deleted, total awards received, the user’s flair (self-identification as RN, BSN, MSN, or nursing student, among others), and the comment text. We utilized PRAW (Python Reddit API Wrapper) to gather this data. PRAW is a tool that allows researchers to interact with Reddit’s API, making it possible to retrieve information such as posts, comments, user details, and community-specific data.
To generate an initial codebook, the lead coder reviewed a subset of posts and performed an inductive thematic analysis, examining the post titles, full content, and all associated comments. If a post included a link, the coder also reviewed the linked content for additional context. Most posts were assigned more than one code, with codes identifying key content related to the research questions, such as disruptions to nurses' workflows, challenges in patient care, and the personal well-being of nurses. To provide context for each post, the coder also examined user flairs, which offered insights into the professional roles of contributors, such as whether they worked in ICU, NICU, Pediatrics, Oncology, Telemetry, OB/GYN, Med/Surg, or were Nursing students, among others.
Results:
Although data coding is still in progress, several key themes have emerged. Nurses frequently described the challenges they faced in patient care during ransomware attacks, particularly in the acute phases when hospital systems were down. These challenges included performing required medication double checks, difficulties stemming from paper charting—such as losing important documents and having trouble accurately identifying patients—and missed orders. Nurses also reported frequent overrides with the Pyxis machine. The recovery process was described as equally strenuous, with many nurses struggling to restore normal workflows. Tasks that were typically quick became at least twice as time-consuming, all while they managed increased stress from patients. Nurses also faced financial stresses, such as delayed and inaccurate paychecks, and expressed concerns about their personal data. Additionally, the psychological toll of these attacks has become apparent. Nurses reported heightened levels of stress and anxiety, with many considering quitting. Another prominent theme was the perceived lack of hospital preparedness for handling cyberattacks, leading to concerns that when—not if—mistakes were made, the hospital would not support them.
Conclusion:
Preliminary findings suggest that cyberattacks have a significant impact on nurses’ mental well-being, which may, in turn, compromise patient safety. Recent research aligns with this, showing increased mortality rates in hospitals affected by cyberattacks, emphasizing the severity of the issue.
Event Type
Poster Presentation
TimeTuesday, April 14:45pm - 6:15pm EDT
LocationFrontenac Foyer