JMIR Publications

ABSTRACT

Background:

It is becoming readily apparent that ransomware attacks on healthcare providers have the potential to impact patient mortality and morbidity. Details of these events are oftentimes relayed to the public via news stories. Despite this, there is little research on how these events are depicted in the media and any subsequent insights that can be gleaned.

Objective:

This study aimed to understand how the news media frames and portrays the impacts of ransomware attacks on health informatic systems, employees, and patients utilizing collaborative qualitative analysis.

Methods:

We developed and implemented a systematic search protocol across academic news databases, screening 2,195 news articles. Employing inductive and deductive collaborative qualitative analysis methodologies, we examined 48 news articles published between 2009 and 2023. For deductive analysis, we analyzed the news articles for common media frames using the framework outlined by Semetko and Valkenburg (2000) in addition to the core functions outlined in the National Institute of Standards and Technologies Cybersecurity Framework 2.0. For inductive analysis, we analyzed news articles and their portrayals of the impacts of ransomware attacks on health informatics systems, patients, and employees.

Results:

First, news articles from the United States, followed to a lesser extent by India and Canada, feature more prominently in our sample. Second, there are no apparent year-to-year patterns regarding news articles concerning ransomware events on healthcare providers. Media portrayals of the impacts of ransomware attacks on healthcare providers can be perceived as cascading from a single point of failure. Third, media framing pertaining to "human interest" and "responsibility" were equally representative media frames in the sample. Fourth, based on the core functions of CSF 2.0, content pertaining to "response" regarding the unavailability of a health informatics system was noted in 75% of the articles

Conclusions:

In light of organizational response being the core function of the CSF 2.0 being significantly represented, We recommend that healthcare providers address perception management of ransomware attacks by ensuring: 1) a perception of continuity of healthcare service despite the unavailability of health informatics, 2) a perception of taking responsibility for the patient experience, and 3) acknowledgment of strain on healthcare practitioners and patients through a public declaration of support and gratitude. Regarding cybersecurity management insights the media portrayals reveal that addressing single points of failure in the health informatics system can significantly reduce cascading impacts. Lastly, we note that almost 14% of full articles assessed for eligibility and excluded from this study appeared to promote a product or consulting service and/or spoke hypothetically about ransomware events among healthcare providers. We discuss the implications of all our results and conclude with limitations regarding their interpretation