Perspective: Managing the Increase in Cyber Threats

The threat to public health from the pandemic is thankfully subsiding. Unfortunately, a very different threat is on the rise: Cyber criminals have been ramping up their attacks on the health care sector, jeopardizing systems and putting lives at risk.

Last week the FBI issued an alert on “Conti,” a ransomware variant identified in at least 16 attacks targeting U.S. health care and first responder networks in the past year. These included law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities.

This heightened aggression is seen in similar ransomware attacks directed around the world. Cyber gangs — often operating from foreign jurisdictions beyond the direct reach of U.S. law enforcement — have demonstrated their frightening scope by freezing or compromising critical hospital infrastructure in New Zealand and Ireland.

Ransomware attacks anywhere delay and disrupt the delivery of patient care, and pose significant potential risks to patient safety and the communities that rely on hospitals’ and health systems’ capabilities.

In testimony before the Senate Homeland Security Committee last year, AHA made our position clear: A ransomware attack on a hospital or health system crosses the line from an economic crime to a threat-to-life crime.

The sophistication of many of these ransomware attacks, and the fact that some are carried out with the active assistance of adversarial nations, make them difficult to guard against or respond to, even for large and well-resourced health organizations.

We continue to urge the government to coordinate all of our diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations and seize their illegal proceeds.

In the meantime, there are precautionary measures every hospital and health system can take. A good start is sharing the latest federal government ransomware bulletins with your leadership and cyber security teams. These can be found on AHA’s cybersecurity and risk advisory services webpage.  

AHA also has launched a new Preferred Cybersecurity Provider program to assist hospitals and health systems with selecting a trusted and vetted cybersecurity solution provider that can address their specific challenges. You can contact John Riggi, AHA senior advisor for cybersecurity and risk, for more information.

At its core, cybersecurity is about protecting our country and our people from those who would do it harm. 

On that note, let me close this week’s column with a salute to the brave women and men in uniform who were willing to lay down their lives to protect our nation. This Memorial Day, and every day, we should be mindful of and profoundly grateful for their sacrifice. To those who have died in service of our country and their families, we will never forget the gift you gave.