As hospitals increasingly rely on online technology for their operations, cybersecurity experts caution that they are becoming more susceptible to cyberattacks, posing significant challenges to patient care and data security.
Hospitals' Vulnerability to Cyberattacks
According to the Associated Press, John Riggi, cybersecurity adviser for the American Hospital Association, cited the unintended consequences of hospitals' expanded digital footprint, providing cybercriminals numerous opportunities to infiltrate their networks and hold critical systems hostage for substantial ransoms.
"Unfortunately, the unintended consequence of the use of all this network and internet connected technology is it expanded our digital attack surface," Riggi told AP. "So, many more opportunities for bad guys to penetrate our networks."
A staff member cleans in a corridor at the Centre Hospitalier Sud-Francilien (CHSF) hospital in Corbeil-Essonnes, south of Paris, on August 26, 2022, ahead of a visit by the French Health minister and the French Junior minister for Digital Transition and Telecommunications. - The Centre Hospitalier Sud-Francilien (CHSF) was the target of a cyber attack overnight August 20 to 21, seriously disrupting its activity, with the hackers demanding a ransom of 10 million dollards.
According to experts, these attacks are reportedly often orchestrated by adversaries from countries like Russia, North Korea, and Iran, where cybercriminals operate with impunity, reaping substantial rewards from their victims.
Recent incidents include hospitals experiencing debilitating ransomware attacks that disrupt emergency services, surgeries, and patient care. Some hospitals have even been forced to shut down permanently due to the financial fallout from cyberattacks.
The Ann & Robert H. Lurie Children's Hospital of Chicago, renowned for its pediatric care, is the latest victim grappling with a cyberattack, prompting the suspension of its communication systems and access to medical records.
The FBI's involvement signifies the severity of the situation, highlighting the urgent need for enhanced cybersecurity measures within the healthcare sector.
Read Also: DarkGate Malware: Attackers Send Over 1,000 Microsoft Teams Group Chats Invites to Infect Systems
Surge of Cyberattacks on Hospitals
According to Brett Callow from cybersecurity firm Emsisoft, cyberattacks on hospitals have surged, with 46 incidents reported in the past year alone, compared to 25 in the previous year.
Furthermore, the financial demands of cybercriminals have also escalated significantly, with average ransom payments soaring from $5,000 in 2018 to a staggering $1.5 million last year.
Callow emphasized the necessity for governments to take decisive action, proposing a ban on ransom payments by cyberattack victims, including hospitals, local governments, and educational institutions.
He warned that without meaningful intervention, the problem will exacerbate, as the influx of ransom payments fuels the proliferation of cybercrime.
"Unless governments do something more meaningful, more significant than they have done to date, it's inevitable that it'll get worse," Callow said.
In response to the escalating cyber threats faced by healthcare providers, the Department of Health and Human Services (HHS) plans to revise regulations under the Health Insurance Portability and Accountability Act (HIPAA) to address cybersecurity concerns.
These updates aim to bolster protections for patient data and fortify hospitals' defenses against cyberattacks, underscoring the critical importance of proactive measures to safeguard sensitive medical information and ensure uninterrupted patient care.
Related Article: Alleged Russian Cyberattack Persists, Ukraine Still Has No Internet, Air Alert Systems a Day After Attack
