The threat to public health from the pandemic is thankfully subsiding. Unfortunately, a very different threat is on the rise: Cyber criminals have been ramping up their attacks on the health care sector, jeopardizing systems and putting lives at risk.

Last week the FBI issued an alert on “Conti,” a ransomware variant identified in at least 16 attacks targeting U.S. health care and first responder networks in the past year. These included law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities.

This heightened aggression is seen in similar ransomware attacks directed around the world. Cyber gangs — often operating from foreign jurisdictions beyond the direct reach of U.S. law enforcement — have demonstrated their frightening scope by freezing or compromising critical hospital infrastructure in New Zealand and Ireland.

Ransomware attacks anywhere delay and disrupt the delivery of patient care, and pose significant potential risks to patient safety and the communities that rely on hospitals’ and health systems’ capabilities.

In testimony before the Senate Homeland Security Committee last year, AHA made our position clear: A ransomware attack on a hospital or health system crosses the line from an economic crime to a threat-to-life crime.

The sophistication of many of these ransomware attacks, and the fact that some are carried out with the active assistance of adversarial nations, make them difficult to guard against or respond to, even for large and well-resourced health organizations.

We continue to urge the government to coordinate all of our diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations and seize their illegal proceeds.

In the meantime, there are precautionary measures every hospital and health system can take. A good start is sharing the latest federal government ransomware bulletins with your leadership and cyber security teams. These can be found on AHA’s cybersecurity and risk advisory services webpage.  

AHA also has launched a new Preferred Cybersecurity Provider program to assist hospitals and health systems with selecting a trusted and vetted cybersecurity solution provider that can address their specific challenges. You can contact John Riggi, AHA senior advisor for cybersecurity and risk, for more information.

At its core, cybersecurity is about protecting our country and our people from those who would do it harm. 

On that note, let me close this week’s column with a salute to the brave women and men in uniform who were willing to lay down their lives to protect our nation. This Memorial Day, and every day, we should be mindful of and profoundly grateful for their sacrifice. To those who have died in service of our country and their families, we will never forget the gift you gave.

Related News Articles

AHA yesterday thanked Reps. Jason Crow, D-Colo., and Brian Fitzpatrick, R-Pa., for introducing a House companion to the Healthcare Cybersecurity Act (S.3904/H.…
A survey released in early September from Proofpoint, Inc., and the Ponemon Institute, on cybersecurity in health care raises important issues but appears to…
The communications protocol for the Medtronic MiniMed 600 Series Insulin Pump System could allow an unauthorized person to access the pump to deliver too much…
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday alerted the sector to a monkeypox-themed phishing…
Cyber criminals are increasingly targeting health care payment processors to redirect payments intended for health care providers to accounts they control,…
The FBI yesterday charged three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims,…