Perspective: Cybersecurity Must Be a Priority Each and Every Day

Oct 15, 2021 - 08:58 AM by
Rick Pollack
Rick Pollack

Cybercrimes directed against hospitals and health systems have been on a massive upswing worldwide for several years, accelerating even more during the COVID-19 pandemic.

Ransomware, malware, phishing and other tools are employed by skilled cybercriminals to extort large sums of money, steal private data from patients and providers, and compromise system safeguards.   

Worse, these attacks directly threaten patient care. Ransomware attackers can disrupt or render inoperable critical medical technology such as radiology, lab services, electronic medical records and the systems which monitor lifesaving equipment, such as ventilators and heart beat monitors.

We are taking many steps to fight back:

  • Ransomware attacks targeting hospitals and health systems now get priority focus from federal law enforcement, due in part to the AHA’s efforts. John Riggi, AHA’s senior advisor for cybersecurity and risk and a former FBI cyber executive, is in frequent touch with former colleagues and helped persuade the FBI and Department of Justice to raise the investigative priority level for ransomware attacks targeting U.S. critical infrastructure to equal that of terrorist attacks.
     
  • AHA’s online resources help keep our field up to date on the latest risks and developments and suggest steps that every provider can take, including those who work from home, to bolster the security of their systems.
     
  • Advancing cybersecurity is a part of our advocacy priorities.
     
  • We are urging Congress to advance cybersecurity efforts by developing coordinated national defense measures, expanding the cybersecurity workforce, disrupting bad actors who target U.S. critical infrastructure and using a “whole of government” approach to increasing consequences for those who commit attacks.

At the same time, we are also pressing the Department of Health and Human Services to ease fines or other penalties against care providers that observe cybersecurity best practices … but are nonetheless victimized by cyberattacks that result in HIPAA violations.

And we hope to see expanded protections to include relief from financial losses when services are impeded … particularly given the financial challenges we are facing as a result of COVID-19.

We had the opportunity to share our concerns with top FBI officials at a recent meeting. The AHA will continue to remain in regular contact with the FBI, HHS, the Cybersecurity and Infrastructure Security Agency, and others, to provide you with the most up-to-date information.  

October is Cybersecurity Awareness Month. But health care providers need to remain aware of the dangers posed by cybercrime every minute of every day. Such crimes will only be deterred by preparation, vigilance and a united front.

Defeating or negating cyberattacks is a significant challenge. But with patient safety at stake, it’s a battle that all of us must take on … and win.

 

Related News Articles

Headline
Obituary: Former Iowa hospital CEO Jim Tinker 
Jim Tinker, 81, former president and CEO of Mercy Medical Center in Cedar Rapids, Iowa, died April 21. Tinker served in this role from 1982 to 2006. During his…
Headline
Report: Delayed or missing payments increased for hospitals in first quarter
Hospitals and health systems nationwide saw a sizable increase in delayed or missing payments in first quarter 2024, according to a report released May 10 by…
Headline
Agencies warn of accelerating attacks on health care by Black Basta ransomware group
The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information…
Headline
DOJ charges Russian national with developing, operating LockBit ransomware
The Department of Justice May 7 announced more than two dozen criminal charges against Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, for his alleged…
Headline
AHA, other hospital groups urge UHG to formalize breach notification plans following Change Healthcare cyberattack 
The AHA and other national hospital groups May 8 sent a letter to UnitedHealth Group, urging the organization to formally accept responsibility for issuing…
Headline
CISA extends comment period for proposed rule on cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 3 extended the comment period to July 3 for the April 4 proposed rule that would implement cyber…