Cybercrimes directed against hospitals and health systems have been on a massive upswing worldwide for several years, accelerating even more during the COVID-19 pandemic.

Ransomware, malware, phishing and other tools are employed by skilled cybercriminals to extort large sums of money, steal private data from patients and providers, and compromise system safeguards.   

Worse, these attacks directly threaten patient care. Ransomware attackers can disrupt or render inoperable critical medical technology such as radiology, lab services, electronic medical records and the systems which monitor lifesaving equipment, such as ventilators and heart beat monitors.

We are taking many steps to fight back:

  • Ransomware attacks targeting hospitals and health systems now get priority focus from federal law enforcement, due in part to the AHA’s efforts. John Riggi, AHA’s senior advisor for cybersecurity and risk and a former FBI cyber executive, is in frequent touch with former colleagues and helped persuade the FBI and Department of Justice to raise the investigative priority level for ransomware attacks targeting U.S. critical infrastructure to equal that of terrorist attacks.
     
  • AHA’s online resources help keep our field up to date on the latest risks and developments and suggest steps that every provider can take, including those who work from home, to bolster the security of their systems.
     
  • Advancing cybersecurity is a part of our advocacy priorities.
     
  • We are urging Congress to advance cybersecurity efforts by developing coordinated national defense measures, expanding the cybersecurity workforce, disrupting bad actors who target U.S. critical infrastructure and using a “whole of government” approach to increasing consequences for those who commit attacks.

At the same time, we are also pressing the Department of Health and Human Services to ease fines or other penalties against care providers that observe cybersecurity best practices … but are nonetheless victimized by cyberattacks that result in HIPAA violations.

And we hope to see expanded protections to include relief from financial losses when services are impeded … particularly given the financial challenges we are facing as a result of COVID-19.

We had the opportunity to share our concerns with top FBI officials at a recent meeting. The AHA will continue to remain in regular contact with the FBI, HHS, the Cybersecurity and Infrastructure Security Agency, and others, to provide you with the most up-to-date information.  

October is Cybersecurity Awareness Month. But health care providers need to remain aware of the dangers posed by cybercrime every minute of every day. Such crimes will only be deterred by preparation, vigilance and a united front.

Defeating or negating cyberattacks is a significant challenge. But with patient safety at stake, it’s a battle that all of us must take on … and win.

 

Related News Articles

Headline
The FBI Aug. 20 released an advisory warning of malicious activity by Russian cyber actors targeting end-of-life devices running an unpatched vulnerability in…
Perspective
Public
The job description for the ideal health care leader in coming years might read something like this:Wanted: Bold, compassionate innovator who unites clinical…
Headline
The Cybersecurity and Infrastructure Security Agency, Environmental Protection Agency, National Security Agency, FBI and international agencies Aug. 13…
Headline
The Department of Justice Aug. 11 announced a series of actions taken against the BlackSuit ransomware group, also known as “Royal,” including the disruption…
Headline
The Senate July 29 voted 51-47 along party lines to confirm Susan Monarez as the new director of the Centers for Disease Control and Prevention. Monarez served…
Headline
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered…