Over recent months, increasing ransomware attacks and other cybersecurity threats in the health care field have underscored the critical need for hospitals and health systems to defend against malicious actors. Health care possesses a unique combination of highly targeted data sets that makes it a prime target by cyber adversaries.

Ransomware Impacts and Cyber Defense Challenges

During my testimony to the U.S. Senate in December 2020, I pointed out that a ransomware attack could interrupt patient care, or worse, shut down operations at the facility, thereby putting patient lives, and the community, at risk. Cybersecurity vulnerabilities and intrusions can also negatively affect a health care organization’s reputation.

Many hospitals and health systems recognize that they must view cybersecurity not as a novel or IT-only issue but rather as an enterprise risk — so they are striving to make cybersecurity part of their existing governance, risk management and business continuity framework as part of their efforts to elevate their vigilance against growing and more sophisticated cyberthreats. Yet, as they face dire workforce shortages and financial challenges exacerbated by the pandemic, enhancing their cyber defenses can be quite a struggle.

Call for Help

That is why in 2020 I called upon the Senate to expand public-private partnerships and cross-industry efforts to share threat information, and to step up to defend the nation’s hospitals and health systems from cyberattacks. After all, hospitals can only do so much on defense when foreign-based adversaries sheltered by hostile nation-states attack them. We also need a robust offense by the U.S. government to go after bad actors.

Administration Takes Action

For this reason, I commend the Biden Administration on its National Cybersecurity Strategy, announced March 2, 2023, which is aimed at shifting cyber defense responsibilities, improving cyber resilience and disrupting cyberthreat operations. The Strategy acknowledges that private sector efforts alone are insufficient to counter the significant cyberthreats we face as a nation.

We at the American Hospital Association (AHA) are pleased that the Strategy includes several important ideas we fully support, including:

  • Declaring ransomware attacks as a national security threat.
  • Conducting more offensive operations against cyberthreat actors.
  • Implementing software security requirements for software developers.

I am also proud of the FBI’s actions in defending hospitals and health systems from cyberattacks. Recently, for example, the FBI took down the Hive ransomware gang, whose criminal enterprise threatened patient safety. To hear the dramatic story, listen to my podcast interview with the FBI supervisor in charge of the Hive investigation.

The AHA Continues to Support Health Care Cybersecurity Efforts

The AHA will continue to work with the hospital field, Congress and the Administration, and other stakeholders to advance and adopt cyber policies that are streamlined, effective and feasible to implement.

And, as the AHA’s national advisor for cybersecurity and risk and a former FBI cyber executive, I want you to know that I provide a variety of cybersecurity offerings to advise and assist health care organizations like yours in mitigating the many cyber and physical risks you face. View the many places I’ve traveled over the past two years as part of my work with AHA members, hospital associations and government officials.

Plus, learn how the exclusive, highly vetted panel of service providers in our AHA Preferred Cybersecurity Provider (APCP) Program can help your organization prepare for, prevent and respond to today’s pressing cyberthreats.

Related News Articles

Headline
New guidance released yesterday by the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI informs health care and other…
Headline
A joint advisory released Nov. 20 by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and international partners warns of…
Headline
The Department of Justice Nov. 18 announced criminal charges against Evgenii Ptitsyn, a Russian national, for allegedly administering the sale, distribution…
Chairperson's File
In this Leadership Dialogue, I talk with Amy Perry, president and CEO of Banner Health, based in Phoenix. Before joining Banner Health three years ago, Amy…
Headline
A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health…
Headline
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…