%0 Journal Article
%@ 1438-8871
%I JMIR Publications
%V 27
%N 
%P e59231
%T Media Framing and Portrayals of Ransomware Impacts on Informatics, Employees, and Patients: Systematic Media Literature Review
%A Avery,Atiya
%A Baker,Elizabeth White
%A Wright,Brittany
%A Avery,Ishmael
%A Gomez,Dream
%+ , Harbert College of Business, Auburn University, 405 W Magnolia Ave, Auburn, AL, 36849, United States, 1 334 844 2908, atiya.avery@auburn.edu
%K cybersecurity
%K media frames
%K medical informatics
%K practitioners
%K health care provider
%K systematic review
%K employees
%K patient
%K mortality
%K morbidity
%K news media
%K ransomware
%K health information system
%K database
%K health care service
%D 2025
%7 8.4.2025
%9 Review
%J J Med Internet Res
%G English
%X Background: Ransomware attacks on health care provider information systems have the potential to impact patient mortality and morbidity, and event details are relayed publicly through news stories. Despite this, little research exists on how these events are depicted in the media and the subsequent impacts of these events. Objective: This study used collaborative qualitative analysis to understand how news media frames and portrays the impacts of ransomware attacks on health informatic systems, employees, and patients. Methods: We developed and implemented a systematic search protocol across academic news databases, which included (1) the Associated Press Newswires, (2) Newspaper Source, and (3) Access World News (Newsbank), using the search string “(hospital OR healthcare OR clinic OR medical) AND (ransomware OR denial of service OR cybersecurity).” In total, 4 inclusion and 4 exclusion criteria were applied as part of the search protocol. For articles included in the study, we performed an inductive and deductive analysis of the news articles, which included their article characteristics, impact portrayals, media framings, and discussions of the core functions outlined in the National Institute of Standards and Technologies (NIST) Cybersecurity Framework 2.0. Results: The search returned 2195 articles, among which 48 news articles published from 2009 to 2023 were included in the study. First, an analysis of the geographic prevalence showed that the United States (34/48, 71%), followed to a lesser extent by India (4/48, 8%) and Canada (3/48, 6%), featured more prominently in our sample. Second, there were no apparent year-to-year patterns in the occurrence of reported events of ransomware attacks on health care provider information systems. Third, ransomware attacks on health care provider information systems appeared to cascade from a single point of failure. Fourth, media frames regarding “human interest” and “responsibility” were equally representative in the sample. The “response” function of the NIST Cybersecurity Framework 2.0 was noted in 36 of the 48 (75%) articles. Finally, we noted that 17 (14%) of the articles assessed for eligibility were excluded from this study as they promoted a product or service or spoke hypothetically about ransomware events among health care providers. Conclusions: Organizational response represented a substantial aspect of the news articles in our corpus. To address the perception of health care providers’ management of ransomware attacks, they should take measures to influence perceptions of (1) health care service continuity, despite a lack of availability of health informatics; (2) responsibility for the patient experience; and (3) acknowledgment of the strain on health care practitioners and patients through a public declaration of support and gratitude. Furthermore, the media portrayals revealed a prevalence of single points of failure in the health informatics system, thus providing guidance for the implementation of safety protocols that could significantly reduce cascading impacts. 
%R 10.2196/59231
%U https://www.jmir.org/2025/1/e59231
%U https://doi.org/10.2196/59231