The threat to public health from the pandemic is thankfully subsiding. Unfortunately, a very different threat is on the rise: Cyber criminals have been ramping up their attacks on the health care sector, jeopardizing systems and putting lives at risk.

Last week the FBI issued an alert on “Conti,” a ransomware variant identified in at least 16 attacks targeting U.S. health care and first responder networks in the past year. These included law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities.

This heightened aggression is seen in similar ransomware attacks directed around the world. Cyber gangs — often operating from foreign jurisdictions beyond the direct reach of U.S. law enforcement — have demonstrated their frightening scope by freezing or compromising critical hospital infrastructure in New Zealand and Ireland.

Ransomware attacks anywhere delay and disrupt the delivery of patient care, and pose significant potential risks to patient safety and the communities that rely on hospitals’ and health systems’ capabilities.

In testimony before the Senate Homeland Security Committee last year, AHA made our position clear: A ransomware attack on a hospital or health system crosses the line from an economic crime to a threat-to-life crime.

The sophistication of many of these ransomware attacks, and the fact that some are carried out with the active assistance of adversarial nations, make them difficult to guard against or respond to, even for large and well-resourced health organizations.

We continue to urge the government to coordinate all of our diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations and seize their illegal proceeds.

In the meantime, there are precautionary measures every hospital and health system can take. A good start is sharing the latest federal government ransomware bulletins with your leadership and cyber security teams. These can be found on AHA’s cybersecurity and risk advisory services webpage.  

AHA also has launched a new Preferred Cybersecurity Provider program to assist hospitals and health systems with selecting a trusted and vetted cybersecurity solution provider that can address their specific challenges. You can contact John Riggi, AHA senior advisor for cybersecurity and risk, for more information.

At its core, cybersecurity is about protecting our country and our people from those who would do it harm. 

On that note, let me close this week’s column with a salute to the brave women and men in uniform who were willing to lay down their lives to protect our nation. This Memorial Day, and every day, we should be mindful of and profoundly grateful for their sacrifice. To those who have died in service of our country and their families, we will never forget the gift you gave.

Related News Articles

Chairperson's File
Back in 2011, the first wave of Baby Boomers — people born from 1946 to 1964 — celebrated their 65th birthday. That marked a new demographic trend: the aging…
The Healthcare and Public Health Sector Coordinating Council, whose members include the AHA, yesterday urged President Biden to include support for health care…
Just days ago, UnitedHealthcare announced a new policy that threatened to deny some patient claims for emergency services starting July 1 if the insurer…
The National Center for Healthcare Leadership is accepting nominations through July 2 for the 2021 Gail L. Warden Leadership Excellence Award. The annual award…
When COVID-19 was rapidly sweeping through the country in spring 2020, Americans instinctively did what they have done for generations in times of peril: They…
The White House today released a memo from Anne Neuberger, Deputy Assistant to President Biden, and Deputy National Security Advisor for Cyber and…