Cyberattacks are increasing globally and in the U.S., with health care organizations, especially hospitals and health systems, being prime targets.

A recent report from Check Point Research found that:

  • The U.S. saw a 57% increase in the number of cyberattacks in 2022.
  • Health care organizations in the U.S. suffered an average of 1,410 weekly cyberattacks per organization, which is 86% higher than 2021.
  • The health care sector ranked second out of all sectors for the most cyberattacks in the U.S.

The AHA has long been committed to helping hospitals and health systems defend against and deflect cyberattacks that can threaten patient care and compromise patient safety. AHA’s National Advisor for Cybersecurity and Risk John Riggi, a former FBI executive with decades of experience on the front lines of cyber issues, leads these efforts.

In addition to providing support to individual hospitals and health systems, AHA continues to share information and guidance with the field on the latest cyberthreats. We also have a full suite of tools and resources for members, including AHA-vetted cybersecurity services provided by outside consultants that have a proven track record of working with organizations to develop the defenses needed to protect patients and communities.

Hospitals and health systems have prioritized protecting patients and defending their networks from cyberattacks. However, we’ve stressed that an all government approach is necessary given that the field continues to face targets from sophisticated cyber adversaries and nation-states, such as Russia, China, Iran and North Korea.

That’s why the AHA continues to work closely with federal partners, including the FBI, Department of Health and Human Services, Cybersecurity and Infrastructure Security Agency and many others on efforts to prevent and mitigate cyberattacks. And we are having success.

Just last week, the FBI, Department of Justice and other law enforcement agencies announced major action to disrupt and dismantle the Hive ransomware gang that targeted hospitals and other critical infrastructure. Hive was particularly active in targeting our field, using a sophisticated ransomware extortion plot to shut down hospital networks, encrypt and steal hospitals’ most sensitive data, hold it hostage, and disrupt and delay health care delivery.

AHA is pleased to see a notable shift in how federal agencies tackle cyberthreats against our field. We have worked closely with federal partners to elevate the investigative priority of ransomware attacks from economic crimes to what they really are: crimes against human life that have serious consequences for patients. The strategies that helped detect, deter and disrupt terrorist organizations are now being applied to protect the health care sector. The AHA supports these efforts.

As we continue to partner with federal agencies to mitigate cyberthreats, we also are working with Congress and the Administration to advance policies that assist in protecting health care services, data and patients from cyberattacks.

Among other priorities, we’re advocating for policies to increase government cybersecurity assistance, increase collaboration and coordination among federal departments and agencies, recruit additional cybersecurity workforce, improve medical device security and enhance information sharing.

We’re also pushing for a change in how victims of cybercrimes are viewed. Those targeted by cyberattacks should be supported, not assigned blame. It seems like a simple thing, but too often there is an unfortunate narrative in the public that targeted organizations were at fault or unprepared.

We are pleased that Congress passed legislation providing regulatory relief for HIPAA-covered victims of cyberattacks who can demonstrate they have been following recognized cybersecurity practices, and we are supportive of a “safe harbor” for health care organizations that implement recognized security measures.

Hospitals and health systems will continue to prioritize cybersecurity efforts to protect their patients. And the AHA will continue to be your partner in those efforts.

Related News Articles

The AHA Feb. 26 issued a Cybersecurity Advisory highlighting updates on network connectivity issues and indicators of compromise related to the recent…
This week’s cyberattack on Change Healthcare, one of the nation’s largest health care technology companies, is yet another unwelcome reminder of the…
A cyberattack Feb. 21 began disrupting systems and services at Change Healthcare, one of the largest health care technology companies in the United States,…
The U.S. Department of Justice, United Kingdom and other global partners have seized control of servers used by the LockBit ransomware-as-a-service group,…
Bryan Smith, recently retired chief of the FBI’s Cyber Criminal Operations Section, discusses the challenge of protecting the nation's caregivers and patients…
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage…