In the wake of increasing ransomware attacks on the healthcare industry across America, lawmakers are advising the Biden administration to increase cybersecurity in the space. In a letter addressed to the Department of Health and Human Services (HHS), Senator Angus King of Maine and Rep. Mike Gallagher of Wisconsin stated their case as to why we need to better protect hospitals from cyber threats. They expressed concern about ongoing threats to patient safety and requested an urgent meeting with health officials for an update on their current cyber posture.
Ransomware attacks have been on the rise in recent years as cybercriminals have noticed that hospitals are often willing to pay ransoms quickly to resolve issues and maximize patient safety. This trend is expected to continue unless stronger cybersecurity measures are put into place at the federal level. This call to action is backed by John Riggi, the national adviser for cybersecurity and risk at the American Hospital Association (AHA).
Riggi also mentioned how the number of cyberattacks increased dramatically during the height of the Covid-19 pandemic, adding high levels of risk to a sector that was already susceptible: “They understand that we are vulnerable, they understand that we in health care possess all kinds of valuable information”.
So, what is so valuable about the data held by the healthcare industry? Typically, they collect very sensitive information about patients that can be used to steal identities or sold to the highest bidder. Cybercriminals may also be interested in obtaining intellectual property, as healthcare is often at the forefront of research and technology. Another challenge is that hospitals and other medical centers are often open 24/7, meaning that these machines are operating constantly, and nobody has the time to correct and patch any vulnerabilities.
Kroll, a risk consulting firm, performed a study about the industry and found some alarming data: There has been a 90% increase in the number of attacks against healthcare organizations in the second quarter of this year compared to the first quarter, with ransomware being the most commonly used attack type. This should create a massive sense of urgency within the government and healthcare space; if the proper measures are not put into place soon, it is only a matter of time before the next medical center is compromised with ransomware.
To combat these threats, the healthcare sector needs to significantly increase its workforce and financial resources. That will be challenging, as there is a huge shortage of cybersecurity professionals across all industries. The government and the private sector must continue to work together to combat cyber threats and share best practices to ensure that the medical industry is protecting itself in the best possible way.
A bipartisan bill was introduced in March 2021 that furthers this by requiring the Cybersecurity and Infrastructure Security Agency (CISA) to collaborate with the US Department of Health and Human Services (HHS) to strengthen guidelines and standards in both the public and private sectors of healthcare. This bill is certainly a great step forward for the medical space, but until these standards are met and put in place, medical centers remain at serious risk.
Do you agree with lawmakers that the Biden administration should prioritize cybersecurity in the healthcare sector? What other steps do you think could be taken to better protect hospitals from attack? Reach out and let us know. Thanks for reading!