Ransomware attacks on healthcare providers are on the rise, but lax reporting requirements obscure the full scope of the problem.

A new report delves more deeply into the data, and its diagnosis is dire.

The JAMA Health Forum study of more than 370 cases finds known ransomware attacks on hospitals and clinics more than doubled from 2016 to 2021.

The incidents exposed the health data of nearly 42 million patients.

Loopholes in reporting standards mean those estimates are likely low.

Almost half of the attacks disrupted care as systems became inaccessible and facilities had to cancel appointments and divert ambulances.

Some clinics simply shut down.

The study authors call for more stringent reporting standards and penalties for noncompliance.

The FBI discourages paying ransom, which emboldens perpetrators and does not always end disruptions or ransom demands.