Perspective: Protecting hospitals, health systems and patients from cyber attacks

Rick Pollack in front of American Hospital Association seal and American flag

Locked files. No access to EHRs. And patients waiting to go into surgery.

This isn’t a fictional scenario — it’s a ransomware attack — and it’s happening in hospitals and health systems across the world … including right here in the U.S.

The truth: Any computer system with valuable data is a target for cyber criminals. Hospitals and health systems, municipal governments, even personal computers can be targeted.

October is National Cybersecurity Awareness Month… and it’s a good time to do a status check on how prepared your hospital or health system is to prevent a cyber attack from disrupting care and potentially endangering your patients and their data.

Cyber attacks targeting hospitals are on the rise. Most attacks come in the form of phishing emails that trick people into clicking links or opening attachments that insert malware into computer networks. Regardless of their origin, these attacks can interrupt care delivery and impact patient safety by shutting down emergency departments, forcing ambulance diversions, disabling medical devices and denying access to essential patient health records.

Cyber attacks can be so devastating that many hospitals and health systems now rank cyber risk within their top three enterprise risk issues.

The AHA is working to mitigate this threat to America’s hospitals, health systems and our patients. We’re engaging directly with the federal government on both the policy and legislative fronts for increasing cybersecurity resources, creating incentives to expand the cybersecurity workforce, increasing cyber threat information sharing and enhancing medical device cybersecurity requirements.

This is only half the battle, though. As many members have already seen, our in-house cybersecurity expert, John Riggi, is working directly with members to enhance their defenses and manage their risk. John spent nearly 30 years at the FBI — including as a senior executive in the FBI cyber division — and was recently selected to co-lead a national health care field cyber task group with the U.S. Department of Health and Human Services. Visit AHA’s website to learn more about how the AHA can provide tailored trainings, workshops and webinars to fit your needs.

October may be cybersecurity awareness month … but cybersecurity is something hospital leaders should prioritize every month. The AHA is proud to be your partner in keeping your data — and your patients — safe.

Cybersecurity