Perspective: Cybersecurity Must Be a Priority Each and Every Day

Cybercrimes directed against hospitals and health systems have been on a massive upswing worldwide for several years, accelerating even more during the COVID-19 pandemic.

Ransomware, malware, phishing and other tools are employed by skilled cybercriminals to extort large sums of money, steal private data from patients and providers, and compromise system safeguards.   

Worse, these attacks directly threaten patient care. Ransomware attackers can disrupt or render inoperable critical medical technology such as radiology, lab services, electronic medical records and the systems which monitor lifesaving equipment, such as ventilators and heart beat monitors.

We are taking many steps to fight back:

• Ransomware attacks targeting hospitals and health systems now get priority focus from federal law enforcement, due in part to the AHA’s efforts. John Riggi, AHA’s senior advisor for cybersecurity and risk and a former FBI cyber executive, is in frequent touch with former colleagues and helped persuade the FBI and Department of Justice to raise the investigative priority level for ransomware attacks targeting U.S. critical infrastructure to equal that of terrorist attacks.
   
• AHA’s online resources help keep our field up to date on the latest risks and developments and suggest steps that every provider can take, including those who work from home, to bolster the security of their systems.
   
• Advancing cybersecurity is a part of our advocacy priorities.
   
• We are urging Congress to advance cybersecurity efforts by developing coordinated national defense measures, expanding the cybersecurity workforce, disrupting bad actors who target U.S. critical infrastructure and using a “whole of government” approach to increasing consequences for those who commit attacks.

At the same time, we are also pressing the Department of Health and Human Services to ease fines or other penalties against care providers that observe cybersecurity best practices … but are nonetheless victimized by cyberattacks that result in HIPAA violations.

And we hope to see expanded protections to include relief from financial losses when services are impeded … particularly given the financial challenges we are facing as a result of COVID-19.

We had the opportunity to share our concerns with top FBI officials at a recent meeting. The AHA will continue to remain in regular contact with the FBI, HHS, the Cybersecurity and Infrastructure Security Agency, and others, to provide you with the most up-to-date information.  

October is Cybersecurity Awareness Month. But health care providers need to remain aware of the dangers posed by cybercrime every minute of every day. Such crimes will only be deterred by preparation, vigilance and a united front.

Defeating or negating cyberattacks is a significant challenge. But with patient safety at stake, it’s a battle that all of us must take on … and win.