Chair File: Cybersecurity Tips for Keeping Patients Safe in Response to COVID-19

Mar 23, 2020 - 08:49 AM by
Melinda L. Estes, M.D.
Melinda Estes chair file photo 900x400

The heroic, nonstop work of our nation’s hospitals and health systems, physicians, caregivers and staff continues across the country, as care teams race to treat patients affected by the novel coronavirus (COVID-19) and make every effort to contain its spread. To learn more on this important topic, I encourage you to read AHA President and CEO Rick Pollack’s March 20 Perspective.  

But a second critical battle also is underway: blocking attempts by cyber criminals seeking to exploit our current situation for financial gain or worse, the interruption of patient care.

These can take many forms, including “ransomware” that locks up computer networks unless extortion is paid, and sophisticated phishing emails containing malware that can divert hospitals’ payments to a criminal’s account. Among the most dangerous are the cyberattacks that can render ventilators and other essential life-support medical devices inoperable.

The AHA is monitoring government bulletins and threat information, and sharing information from the field. Hospitals and health systems must recognize mitigating cyber risk that can affect patient care and safety is among their highest priorities.  

Here are a few things you can do: 

For life-saving medical devices, ensure effective coordination between clinical engineering and information security teams; maintain accurate inventory of devices; and check update and patch status of all software and firmware contained within the devices. For those devices which remain vulnerable, disconnect or segment them from main networks. 

To protect against phishing emails containing malware, implement staff awareness and education, including routine phishing tests. 
For more information, see the recent article by John Riggi, AHA senior advisor for cyber and risk. AHA will continue to bring you resources and information on ways to protect your information systems and guard patient health. If you have specific questions, please contact Riggi at jriggi@aha.org
 

Related News Articles

Headline
Guidance offers steps to create, maintain operational technology asset inventory for protection
The Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, National Security Agency, FBI and international agencies Aug. 13…
Headline
DOJ announces disruption of BlackSuit ransomware group 
The Department of Justice Aug. 11 announced a series of actions taken against the BlackSuit ransomware group, also known as “Royal,” including the disruption…
Headline
CDC says COVID-19 cases growing or likely growing in 45 states 
COVID-19 infections are growing or likely growing in 45 states and not changing in five states, according to the latest data from the Centers for Disease…
Headline
Senate confirms Susan Monarez as new CDC director
The Senate July 29 voted 51-47 along party lines to confirm Susan Monarez as the new director of the Centers for Disease Control and Prevention. Monarez served…
Headline
Tactics by Scattered Spider cybercriminals highlighted in joint advisory 
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered…
Headline
ASHE recognizes 2025 award winners 
The American Society for Health Care Engineering July 28 announced the recipients of its annual member awards during the 2025 Health Care Facilities Innovation…