Cyberattacks on hospitals risk safety of ‘thousands’ of patients – key equipment targeted | US | News
Hospitals across the US are being targeted by aggressive ransomware campaigns carried out by cybercriminals, who risk bringing already stretched healthcare services to their knees and putting thousands of lives at risk. The attacks, which are becoming increasingly more sophisticated and prevalent, have the ability to steal data and disrupt medical care for the most vulnerable, security experts have warned. In an interview with Express.co.uk, Richard Seiersen, chief risk officer for Resilience, lifted the lid on the dangers cyber attacks pose on patients.
Ransomware hacks, in which attackers encrypt computer networks and demand payment to make them functional again, have been a growing concern for both the private and public sector since the 90s.
But attacks can be especially concerning in the healthcare sector, putting “thousands” of patients’ lives at risk, Mr Seiersen said.
Sophos‘ analysis found more than two-thirds of healthcare organisations in the US said they experienced ransomware attacks last year, up from 34 percent in 2020.
Cyber expert Richard Seiersen told Express.co.uk “the biggest risk” affected by attacks is availability, but equipment and data are also vulnerable to attacks.
He said: “Hindering a hospital’s ability to provide care can be catastrophic. Consider that most hospitals are like mini-cities. They have fluids and gasses running through the walls in addition to standard networks and wifi. Also, they are typically filled with medical equipment that was not designed for unexpected and malicious behaviors”.
Mr Seiersen said the risk is both to IT systems and occupational therapy, adding: “In short, threats that have a sole purpose of impacting availability are primary.
“This is why ransomware is such a big concern for care delivery. Data loss (PHI) comes next and of course, 70 percent of ransomware is double extortion based. That means they both encrypt systems and exfiltrate data”.
He said the attacks could affect medical equipment and health providers’ ability to deliver care to patients but one of the biggest concerns is attacks on electronic medical records.
If hacked into, cybercriminals would effectively have “hacked the brains of the operations” and could steal “reams of protected health information” and patient’s records leading to possible identity theft, he explained.
He also highlighted concerns around “system integrity hacks”, where hackers are able to break into the hospital’s system and change the dosages of medicines on patients’ records.
The security expert, whose company worked with President Biden’s administration to develop a framework to tackle cyber threats, highlighted a recent case of America’s second-largest nonprofit hospital chain.
Since October 3, CommonSpirit hospitals across the country have experienced IT outages, delays, and appointment cancellations caused by cyber-attacks.
The healthcare company confirmed that a portion of its 700 care sites and 142 hospitals were impacted by the ransomware attack and subsequent IT and network outages.
The dilemma of cyberattacks on hospitals has gained the attention of the US government, with Anne Neuberger, deputy national security advisor for cyber and emerging technology, recently saying that new healthcare cybersecurity standards and guidance from the White House are on the horizon.
President Biden’s National Cybersecurity Strategy is set to be released next month, National Cyber Director Chris Inglis said.
It comes in the wake of mounting fear of cyber attacks originating from China and Russia, after Moscow demonstrated its ability to use attacks on critical infrastructure in Ukraine.