Perspective: Protecting hospitals, health systems and patients from cyber attacks

Oct 11, 2019 - 01:48 PM by
Rick Pollack
Rick Pollack in front of American Hospital Association seal and American flag

Locked files. No access to EHRs. And patients waiting to go into surgery.
 
This isn’t a fictional scenario — it’s a ransomware attack — and it’s happening in hospitals and health systems across the world … including right here in the U.S.
 
The truth: Any computer system with valuable data is a target for cyber criminals. Hospitals and health systems, municipal governments, even personal computers can be targeted.
 
October is National Cybersecurity Awareness Month… and it’s a good time to do a status check on how prepared your hospital or health system is to prevent a cyber attack from disrupting care and potentially endangering your patients and their data.
 
Cyber attacks targeting hospitals are on the rise. Most attacks come in the form of phishing emails that trick people into clicking links or opening attachments that insert malware into computer networks. Regardless of their origin, these attacks can interrupt care delivery and impact patient safety by shutting down emergency departments, forcing ambulance diversions, disabling medical devices and denying access to essential patient health records.
 
Cyber attacks can be so devastating that many hospitals and health systems now rank cyber risk within their top three enterprise risk issues.
 
The AHA is working to mitigate this threat to America’s hospitals, health systems and our patients. We’re engaging directly with the federal government on both the policy and legislative fronts for increasing cybersecurity resources, creating incentives to expand the cybersecurity workforce, increasing cyber threat information sharing and enhancing medical device cybersecurity requirements.
 
This is only half the battle, though. As many members have already seen, our in-house cybersecurity expert, John Riggi, is working directly with members to enhance their defenses and manage their risk. John spent nearly 30 years at the FBI — including as a senior executive in the FBI cyber division — and was recently selected to co-lead a national health care field cyber task group with the U.S. Department of Health and Human Services. Visit AHA’s website to learn more about how the AHA can provide tailored trainings, workshops and webinars to fit your needs.
 
October may be cybersecurity awareness month … but cybersecurity is something hospital leaders should prioritize every month. The AHA is proud to be your partner in keeping your data — and your patients — safe.

Related News Articles

Headline
Agencies issue guidance on mitigating cyberthreats with limited resources 
The Cybersecurity and Infrastructure Security Agency along with international agencies May 14 released guidance for high-risk nonprofit and other resource-…
Headline
Report: Delayed or missing payments increased for hospitals in first quarter
Hospitals and health systems nationwide saw a sizable increase in delayed or missing payments in first quarter 2024, according to a report released May 10 by…
Headline
Agencies warn of accelerating attacks on health care by Black Basta ransomware group
The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information…
Headline
DOJ charges Russian national with developing, operating LockBit ransomware
The Department of Justice May 7 announced more than two dozen criminal charges against Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, for his alleged…
Headline
AHA, other hospital groups urge UHG to formalize breach notification plans following Change Healthcare cyberattack 
The AHA and other national hospital groups May 8 sent a letter to UnitedHealth Group, urging the organization to formally accept responsibility for issuing…
Headline
CISA extends comment period for proposed rule on cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 3 extended the comment period to July 3 for the April 4 proposed rule that would implement cyber…