Keeping Our Defenses Strong Against Cyberthreats

Oct 21, 2022 - 09:03 AM by
Rick Pollack, President and CEO, AHA
Rick Pollack, American Hospital Association CEO and President standing in front of United States flag and the AHA seal.

The health care field continues to be a top target for cybercriminals. According to data from the Department of Health and Human Services (HHS), there has been an 84% increase in the number of data breaches against health care organizations from 2018-2021, with 324 reported in the first half of 2022 alone.

The attacks have different goals and range in severity. In some cases, cybercriminals steal Social Security numbers and other personal data. Other breaches pose a direct threat to patient safety by shutting down or compromising medical equipment and systems that are critical to patient care.

October is National Cybersecurity Awareness Month. It’s a good time to recognize that cyberattacks directed against hospitals and health systems – and the patients they care for – are relentless.

In fact, our entire field remains at risk from new Russian and North Korean ransomware, as well as the increasing threat to network and internet-connected medical technologies, such as medical devices, that are vulnerable to outside attack.

A cyberattack can be directed at any organization. But that doesn’t mean care providers must be helpless victims. There are tools and resources available to help keep cyber defenses at their peak and lessen the likelihood of serious damage.

Sharing threat information is key. For example, a timely tip to the FBI last year helped to thwart an Iran-sponsored cyberattack on Boston's Children's Hospital. The bureau’s quick response halted the electronic intrusion in its tracks before it could damage the hospital's IT network.

The AHA has long been committed to helping hospitals and health systems guard against and repel cyber threats that can compromise operations and threaten patient care. AHA’s National Advisor for Cybersecurity and Risk John Riggi, a former FBI cyber executive with decades of experience on the front lines and extensive connections with federal law enforcement, leads these efforts.

In addition to providing support and guidance to individual hospitals and health systems, AHA has created a robust menu of tools and resources for members to develop the defenses they need to protect patients and the communities they serve.

On our webpage, you can stay up-to-date on the latest cybersecurity news, including an AHA podcast with the deputy director for the Cybersecurity and Infrastructure Security Agency (CISA), as well as learn about AHA-vetted cybersecurity services that can work with your organization to realize maximum protection.

We also are working on legislative solutions to support the field. The AHA has expressed strong support for the Healthcare Cybersecurity Act (S.3904/H.R.8806), which would improve collaboration and coordination between CISA and HHS. We also have endorsed the Protecting and Transforming Cyber Health Care (PATCH) Act (S.3983/H.R.7084), legislation designed to improve the security of medical devices.

And last year, we worked closely with federal partners to elevate the investigative priority of ransomware attacks from economic crimes to what they really are: threat to life crimes.

We will continue to work collaboratively with federal law enforcement to protect care providers. At the same time, the great majority of these cyberattacks originate from overseas, where cyber gangs often collude with hostile nation states to launch these disruptive attacks against us. Our cyber defenses alone cannot eliminate these sophisticated cyberattacks, which threaten public health and safety and violate U.S. and international law. As such, the federal government has the primary role in stopping or limiting their impact.

We will continue to strongly advocate that the federal government use all elements of national power to disrupt and deter these cyber adversaries. When it comes to cybersecurity, it is truly “one team, one fight” – health care is defense and we need the federal government to be offense.

As you continue to shore up your cyber defenses to deflect these attacks and mitigate their impact, please count on the AHA to be your full partner in this effort.

Related News Articles

Headline
Report: Delayed or missing payments increased for hospitals in first quarter
Hospitals and health systems nationwide saw a sizable increase in delayed or missing payments in first quarter 2024, according to a report released May 10 by…
Headline
Agencies warn of accelerating attacks on health care by Black Basta ransomware group
The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information…
Headline
DOJ charges Russian national with developing, operating LockBit ransomware
The Department of Justice May 7 announced more than two dozen criminal charges against Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, for his alleged…
Headline
AHA, other hospital groups urge UHG to formalize breach notification plans following Change Healthcare cyberattack 
The AHA and other national hospital groups May 8 sent a letter to UnitedHealth Group, urging the organization to formally accept responsibility for issuing…
Headline
CISA extends comment period for proposed rule on cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 3 extended the comment period to July 3 for the April 4 proposed rule that would implement cyber…
Headline
White House releases critical infrastructure memo empowering CISA to strengthen health care security 
The Biden Administration April 30 released a memo announcing updated critical infrastructure protection requirements, which include the Cybersecurity &…