Unlike COVID-19, ransomware will continue to be a threat to hospitals
December 18, 2020
Op-Ed: Unlike COVID-19, ransomware will continue to be a threat to hospitals
By George Gray, CTO and VP of research & development, Ivenix. Column in The Eagle Tribune, 12/18/20
With the ebbs and flows of COVID-19, pandemic-related hurdles – particularly hospitalization surges we’re currently experiencing – are top of mind for hospitals. However, my biggest fear, and I’m sure also for others involved in cybersecurity prevention, is how ransomware attackers can use the pandemic as an opportunity to target hospital systems and exploit their vulnerabilities.
Data breaches are extremely common today. Locally, Lawrence General Hospital reported a small patient data breach in September that caused the hospital to go offline for 36 hours, leading to a new software installation to safeguard its computer systems.
Though resources and staff are stretched thinner than ever, it is vital for hospital leadership to always have cybersecurity on their minds and in their ongoing operational plans.
In late October, federal agencies, including the FBI, Department of Health and Human Services, and Cybersecurity and Infrastructure Security Agency issued an advisory warning that U.S. hospitals will face increased cybercrime threats and recommending organizations beef up protections.
Electronic medical records provide a huge breadth of data: Social Security numbers, billing details, health concerns and overall demographic details. To sophisticated attackers who can act quickly, hospitals are enticing for that reason.
In pursuit of this data, attackers detect vulnerabilities from several angles, locking up systems and/or encrypting valuable information and, at times, forcing hospitals to pay hefty sums of money to get back online.
Attacks on U.S. hospital systems can be particularly profitable, creating more reason for international attackers to focus their energy on institutions here in the states. Rather than something that can be permanently fixed, cybersecurity is more like a chess game hospitals are forced to play with attackers. They set up their defenses; the hacker attacks. And, if they get through, the hospital responds with a counter-move as well as new defenses against future attacks.
As daunting as that sounds, hospital leadership, especially chief information officers, plays a key role in how to keep their network structures safe. It’s a tough spot to be in, as putting protections in place means investing in the appropriate software, IT technologies, medical devices as well as skilled cybersecurity experts within their organizations.
Whether hospitals and healthcare organizations spend a few hundred dollars or a few million, they are vulnerable. But when challenges like COVID-19 divert plans and saturate budgets, hospitals can quickly fall behind. Unfortunately, as budgets get tight, the “if it ain’t broke, why fix it” mindset can quickly take hold, further delaying plans.