Perspective: Protecting hospitals, health systems and patients from cyber attacks

Oct 11, 2019 - 01:48 PM by
Rick Pollack
Rick Pollack in front of American Hospital Association seal and American flag

Locked files. No access to EHRs. And patients waiting to go into surgery.
 
This isn’t a fictional scenario — it’s a ransomware attack — and it’s happening in hospitals and health systems across the world … including right here in the U.S.
 
The truth: Any computer system with valuable data is a target for cyber criminals. Hospitals and health systems, municipal governments, even personal computers can be targeted.
 
October is National Cybersecurity Awareness Month… and it’s a good time to do a status check on how prepared your hospital or health system is to prevent a cyber attack from disrupting care and potentially endangering your patients and their data.
 
Cyber attacks targeting hospitals are on the rise. Most attacks come in the form of phishing emails that trick people into clicking links or opening attachments that insert malware into computer networks. Regardless of their origin, these attacks can interrupt care delivery and impact patient safety by shutting down emergency departments, forcing ambulance diversions, disabling medical devices and denying access to essential patient health records.
 
Cyber attacks can be so devastating that many hospitals and health systems now rank cyber risk within their top three enterprise risk issues.
 
The AHA is working to mitigate this threat to America’s hospitals, health systems and our patients. We’re engaging directly with the federal government on both the policy and legislative fronts for increasing cybersecurity resources, creating incentives to expand the cybersecurity workforce, increasing cyber threat information sharing and enhancing medical device cybersecurity requirements.
 
This is only half the battle, though. As many members have already seen, our in-house cybersecurity expert, John Riggi, is working directly with members to enhance their defenses and manage their risk. John spent nearly 30 years at the FBI — including as a senior executive in the FBI cyber division — and was recently selected to co-lead a national health care field cyber task group with the U.S. Department of Health and Human Services. Visit AHA’s website to learn more about how the AHA can provide tailored trainings, workshops and webinars to fit your needs.
 
October may be cybersecurity awareness month … but cybersecurity is something hospital leaders should prioritize every month. The AHA is proud to be your partner in keeping your data — and your patients — safe.

Related News Articles

Headline
CISA extends comment period for proposed rule on cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 3 extended the comment period to July 3 for the April 4 proposed rule that would implement cyber…
Headline
White House releases critical infrastructure memo empowering CISA to strengthen health care security 
The Biden Administration April 30 released a memo announcing updated critical infrastructure protection requirements, which include the Cybersecurity &…
Headline
Agencies issue cyber advisory on North Korean spear phishing efforts 
The FBI, State Department and National Security Agency issued a warning about attempts by North Korean state-sponsored cyberthreat actors to exploit improperly…
Headline
Lawmakers grill UHG CEO at hearings following Change Healthcare cyberattack
Senate and House lawmakers May 1 grilled UnitedHealth Group CEO Andrew Witty about the continued fallout from the Feb. 22 cyberattack on Change Healthcare —…
Headline
AHA advertorial: Is UnitedHealth Group ‘Too Big To Fail’? 
“If you are asking yourself how a cyberattack on a single company could cause such massive damage, you are asking the right question,” an AHA advertorial in…
Headline
AHA provides update to Senate, House committee leaders ahead of hearings on fallout from Change Healthcare cyberattack 
The AHA April 29 provided the Senate Committee on Finance and House Energy and Commerce Subcommittee on Oversight and Investigations an update regarding…