Cybersecurity experts have warned that hospitals across the country are at risk from attacks like this one. Catastrophic surgery at top Midwestern children’s hospitaland that the U.S. government is doing little to prevent such violations.
In recent years, hospitals have transitioned to using online technology to support everything from telemedicine to medical equipment and patient records. They are now popular targets for Internet thieves who hold systems’ data and networks hostage and demand large ransoms, said John Riggi, a cybersecurity advisor for the American Hospital Association.
“Unfortunately, an unintended consequence of using all of these networks and internet-connected technologies is that the digital attack surface has expanded,” Rigi said. “That means there are more opportunities for bad actors to break into our networks.”
The perpetrators, often operating from America’s adversaries such as Russia, North Korea and Iran, earn large sums from their victims but have little chance of being punished.
In November, there was a ransomware attack on the healthcare chain. 30 US hospitals and 200 medical facilities force doctors to convert Get patients out of the emergency room and postpone elective surgeries.
on the other hand, Rural Illinois Hospital Announces It closed permanently last year after failing to recover financially from the cyberattack.and Hackers went so far as to post photos and patient information of breast cancer patients. They were being treated at a Pennsylvania health network after the system was hacked last year.
Now, Chicago’s Ann & Robert H. Lurie Children’s Hospital, one of the nation’s leading children’s hospitals, is forced to take its phone, email, and medical records systems offline to combat cyberattacks. . The FBI said it was investigating.
said Brett Callow, an analyst at cybersecurity firm Emsisoft. counted There were 46 cyber attacks against hospitals last year, compared to 25 in 2022. Criminals also get paid more, with the average payout jumping from $5,000 in 2018 to $1.5 million last year.
These include a major cyber attack launched against three major hospital systems in Florida.
Last June, HCA Healthcare announced it was the target of a massive data breach involving approximately 11 million patients and 1,400 facilities in 20 states, including Florida.
A month ago, Tampa General Hospital reported that an “unauthorized third party” hacked into the hospital’s computer network and obtained personal data, including Social Security numbers, for approximately 1.2 million patients.
In February 2023, Tallahassee Memorial Healthcare announced that it was forced to cancel elective surgeries and divert some emergency patients for several days due to what experts described as a ransomware attack.
“Unless the government does something more meaningful and important than what it has done so far, it is inevitable that things will get worse,” Carrow said.
Callow believes the government should prohibit cyberattack victims such as hospitals, local governments and schools from paying ransoms. “Ransomware systems are now being paid so much money that the problem is not going to go away on its own,” he said.
In response to this dramatic increase in online raids, the nation’s top health agency has taken the following actions: Developing new rules to help hospitals protect themselves from cyber threats.
The Department of Health and Human Services has announced that it will rewrite the following regulations: Health Insurance Portability and Accountability Act – A federal law commonly referred to as HIPPA that requires insurance companies and health systems to protect patient information is expected to include new provisions addressing cybersecurity later this year.
The department is also considering new cybersecurity requirements for Medicaid and Medicare funding for hospitals.
“The more prepared we are, the better,” Deputy Commissioner Andrea Palm said.
But some hospitals will struggle to protect themselves, she added. She worries, for example, about rural hospitals that have difficulty raising funds to properly update their cybersecurity. HHS wants more funding from Congress to address the issue, but Palm doesn’t have the exact amount the department is seeking, she said.
“It is important to note that this requires resources, and we cannot set the industry up to not meet the requirements,” Palm said.
Being a victim of a cyber attack can cost a lot of money. This attack could take hospital networks offline for weeks or months. Force hospitals to refuse patients.
In Chicago, the Lurie hospital network has been offline for two weeks. The hospital, which served more than 260,000 patients last year, has set up a separate call center and resumed some services based on patient needs.
On Thursday, Lurie’s surgeons operated on Jason Castillo’s 7-month-old daughter mostly by hand, bypassing some of the high-tech equipment typically used.
His daughter’s scheduled heart surgery was postponed to January 31 after the hospital was found to be under cyber siege. The surgeon spoke to Ms. Castillo before her daughter was taken in her wheelchair for the six-hour surgery and assured her that she was confident she could perform the surgery despite the ongoing cyber attacks.
“She’s in great condition,” Castillo said of her daughter, who is currently recovering at home. She said, “I feel like a big cloud has been lifted from our household.”
Even if Lurie restores the network, it will likely take months for hospitals to fully recover, Callow said.
“These incidents can impact everything from patient care to payroll,” Callow says. “Full recovery can take months. You can’t just flip a switch and everything will be back to normal.”
Copyright 2024 Health News Florida