The newest cyber danger could hurt you and your loved ones the most
We cannot live without computer technology, but reliance on it can be deadly.
Major hospitals in London have declared a “critical incident” after a cyberattack resulted in cancelled operations and emergency patients being diverted elsewhere. According to early reports, the cyberattack was against a company called Synnovis, which provides pathology services to many British hospitals. Most at risk are patients who rely on blood transfusions, which can impact both minor and major surgeries.
A Russian cyber gang is thought to be behind the attack, which disabled operations in one of the most serious of recent events against hospitals.
Cyberattacks on hospitals in America, Europe and around the world are growing, with the number of reported ransom attacks directed at U.S. hospital systems having nearly doubled from 2022 to 2023, according to the nonpartisan EconoFact.
Every aspect of health care is at global risk, from sensitive data about individuals to insurance reimbursements and routine billing to emergency services and life-threatening procedures, according to a major report by U.S. News & World Report, which recently brought together health care experts to confront the enormous challenges and threats to health care from increasingly sophisticated criminal organizations.
Ironically, European police and intelligence officials have been cracking down on the rise of ransomware attacks on health systems, including a raid last week that culminated in the arrest of four “high value” suspects threatening hospitals.
These kinds of attacks are becoming all too frequent. A recent ransomware attack in the United States hit Ascension, one of the largest health systems in the country, affecting some 140 hospitals located across 19 states. The medical records from that attack are still being sorted out.
And this past February, a cyberattack on a company called Change Healthcare brought medical billing in the United States to a standstill.
Many government and private-sector leaders have been advocating for more defensive measures, mitigation plans and communications strategies to deal with ransomware attacks, which, inevitably, create panic and a loss of confidence in hospitals. The U.S. Congress also needs to seek answers to ensure the American hospital system is ready.
In most cases, the hospitals that recover best have prepared and practiced for these kinds of events, which not only can cost health disruptions but enormous financial costs.
In 2021 Scripps Health in San Diego experienced a data incursion that breached their defenses. Together with the American Health Association, resources were quickly marshaled and best practices were utilized. But the monthlong cost to recover from that incident was high. Scripps Health said in financial statements that the ransomware attack cost the system nearly $113 million. The legal action that resulted required Scripps to pay $3.5 million to victims of the attack.
Federal, state and local officials in the United States are working on strategies to mitigate against these risks, including how to communicate with publics after an attack. The Department of Health and Human Services has published a variety of resources on its website laying out voluntary cybersecurity performance goals developed with the HSCC’s Joint Cybersecurity Working Group.
But such attacks are a global phenomenon.
On Oct. 13, 2021, the Israeli health system, Hillel Yaffe, was hit by a ransomware attack from an unknown hacker group. All computer systems at all levels of the hospital were locked, without the option to log in. This denial-of-service attack led to two months of a digital nightmare and the creation of new forms of back-up systems that are now being studied in the United States.
These attacks on health systems, like any form of terrorism, must be met with fierce counter measures. Prevention is also critical; we must get ahead of the hackers.
For now, our thoughts are with all the providers and patients left in limbo in London. It is a nightmare none of us should have to deal with.
As a nation and a community of nations, we must confront the dependency that healthcare organizations today have on digital systems, especially as we explore the potential of artificial intelligence to increase that dependence on data. And we must punish the nefarious people who are crippling our health systems.
Tara D. Sonenshine is a senior nonresident fellow at the Fletcher School of Law and Diplomacy at Tufts University.
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.