Increased Vulnerability
Cybersecurity experts are sounding the alarm, stating that hospitals across the United States are at risk of cyberattacks similar to the one currently affecting a prominent children’s hospital in the Midwest. The use of online technology in healthcare has expanded in recent years, supporting telehealth, medical devices, and patient records. However, this increased connectivity has inadvertently widened the hospitals’ digital attack surface, providing more opportunities for malicious actors to breach their networks.
A Favorite Target
Hospitals have become a prime target for internet thieves who hold their systems’ data and networks hostage for substantial ransoms. John Riggi, the American Hospital Association’s cybersecurity adviser, warns that these assailants often operate from nations such as Russia, North Korea, and Iran, where they face little punishment and enjoy significant financial gains from their victims. Last year alone, there were 46 cyberattacks on hospitals, compared to 25 in the previous year, with the average ransom payout skyrocketing from $5,000 to $1.5 million.
Children’s Hospital Forced Offline
The Ann & Robert H. Lurie Children’s Hospital of Chicago, one of the top children’s hospitals in the country, has recently fallen victim to a cyberattack. As a result, the hospital has been forced to take its phone, email, and medical record systems offline. The FBI is now investigating the incident. Brett Callow, an analyst for cybersecurity firm Emsisoft, emphasizes that without more significant government intervention, the situation will only worsen.
New Rules and Funding Needed
To combat the rising threat, the Department of Health and Human Services has announced plans to rewrite the rules for the Health Insurance Portability and Accountability Act (HIPAA) later this year. These new provisions will address cybersecurity and aim to protect patient information. Additionally, the department is considering implementing cybersecurity requirements tied to hospitals’ Medicaid and Medicare funding. However, Deputy Secretary Andrea Palm acknowledges that some hospitals, especially rural ones, may struggle to afford the necessary cybersecurity updates. HHS is seeking increased funding from Congress to address this issue.
Impacts on Patient Care
The consequences of cyberattacks on hospitals are significant. Networks can be offline for weeks or even months, leading to the redirection of patients to other facilities. The Lurie Children’s Hospital in Chicago has been offline for two weeks, resulting in surgeons resorting to manual techniques during operations. While the hospital has established a separate call center and resumed some care, full recovery can take months, affecting everything from patient care to payroll.
In the face of these escalating cyber threats, urgent action is needed to protect hospitals and ensure the continuity of critical healthcare services.