Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn

Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children's hospital, and that the U.S. government is doing too little prevent such breaches.
Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records.
Today, they are a favorite target for internet thieves who hold systems' data and networks hostage for hefty ransoms, said John Riggi, the American Hospital Association's cybersecurity adviser.
In November, a ransomware attack on a health care chain that operates 30 hospitals and 200 health facilities in the United States forced doctors to divert patients from emergency rooms and postpone elective surgeries.
A rural Illinois hospital announced it was permanently closing last year because it couldn't recover financially from a cyberattack.
Hackers went as far as posting photos and patient information of breast cancer patients who were receiving treatment at a Pennsylvania health network after the system was hacked last year.
Now, one of the top children's hospitals in the country, the Ann & Robert H. Lurie Children's Hospital of Chicago, has been forced to put its phone, email and medical record systems offline as it battles a cyberattack.
Brett Callow, an analyst for the cybersecurity firm Emsisoft, counted 46 cyberattacks on hospitals last year, compared with 25 in 2022.
The paydays for criminals have gotten bigger too, with the average payout jumping from $5,000 in 2018 to $1.5 million last year.
Callow believes the government should ban cyberattack victims such as hospitals, local governments and schools from paying ransoms.
The dramatic increase in these online raids has prompted the nation's top health agency to develop new rules for hospitals to protect themselves from cyber threats.
The Department of Health and Human Services said it will rewrite the rules for the Health Insurance Portability and Accountability Act - the federal law commonly called HIPPA that requires insurers and health systems to protect patient information - to include new provisions that address cybersecurity later this year.
The department is also considering new cybersecurity requirements attached to hospitals' Medicaid and Medicare funding.
She added, some hospitals will struggle to protect themselves.
She is worried about rural hospitals, for example, that may have difficulty cobbling together money to properly update their cybersecurity.
The attacks can put hospitals' networks offline for weeks or months, forcing hospitals to turn away patients.
In Chicago, Lurie hospital's network has been offline for two weeks.
The hospital, which served more than 260,000 patients last year, has established a separate call center for patients' needs and resumed some care.
His daughter's planned heart surgery was postponed on Jan. 31, when the hospital found itself under cyber siege.
Even once Lurie has restored their network, it'll likely take months of behind-the-scenes work for the hospital to fully rebound, Callow said.


This Cyber News was published on www.securityweek.com. Publication date: Thu, 15 Feb 2024 18:43:04 +0000


Cyber News related to Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn

Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn - Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children's hospital, and that the U.S. government is doing too little prevent such breaches. ...
8 months ago Securityweek.com
Hospitals Must Treat Patient Data and Health With Equal Care - COMMENTARY. Hospitals are in the crosshairs: As collectors of some of the most personal and sensitive data available, hospitals are a prime target for hackers and cyberattacks. Patient data needs to be treated with as much care and sensitivity as the ...
9 months ago Darkreading.com
Capital Health Hospitals hit by cyberattack causing IT outages - Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. The healthcare system manages two hospitals, an outpatient facility in ...
11 months ago Bleepingcomputer.com
SW Ontario hospitals confirm patient data compromised in cyberattack - As the fallout from last week's cyberattack against five southwestern Ontario hospitals continues to spread, the organizations confirmed Tuesday that patient information was stolen and they now fear the blackmailers might publish it online. TransForm ...
11 months ago Windsorstar.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
9 months ago Techtarget.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
9 months ago Darkreading.com
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
10 months ago Cyberdefensemagazine.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
New Jersey, Pennsylvania hospitals affected by cyberattacks - Hospitals in New Jersey and Pennsylvania are dealing with the ramifications of cyberattacks this week following several similar incidents that took place during the Thanksgiving holiday. This week, Capital Health said it is experiencing network ...
11 months ago Therecord.media
Feds cough up 'voluntary' cybersecurity goals for hospitals The Register - Plus, you're going to be in for a world of hurt when new regulations - which will very likely mirror these voluntary practices - take effect, according to Taylor Lehmann, a director in Google Cloud's Office of the Chief Information Security Officer. ...
9 months ago Go.theregister.com
Key elements for a successful cyber risk management strategy - In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel ...
9 months ago Helpnetsecurity.com
Key Takeaways from the Gartner® Market Guide for Insider Risk Management - Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. The report reveals several key findings about ...
10 months ago Securityboulevard.com
How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
8 months ago Darkreading.com
Hospitals ask courts to force cloud storage firm to return stolen data - Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack and now stored on the servers of a Boston cloud storage company. Carthage Area Hospital and Claxton-Hepburn Medical Center have ...
10 months ago Bleepingcomputer.com
LockBit targets hospitals - We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals. These attacks include ones against Yakult Australia and the Ohio Lottery by the new ...
10 months ago Bleepingcomputer.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
HHS proposes new cybersecurity requirements for hospitals through HIPAA, Medicaid and Medicare - The United States Department of Health and Human Services said it is planning to take a range of actions in an effort to better address cyberattacks on hospitals, which have caused dozens of outages across the country in recent months. First reported ...
10 months ago Therecord.media
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
5 months ago Cisa.gov
Three Things to Know About the New SEC Rules on Sharing Information and Breach Disclosure Deadlines - Recently, the Securities and Exchange Commission adopted rules about the handling and reporting of cyber risks and breaches. With these new guidelines and regulations, public companies and organizations must disclose cybersecurity incidents ...
9 months ago Cyberdefensemagazine.com
How to Complete an IT Risk Assessment - An effective security strategy needs to put managing risk at the heart of its approach. An IT risk assessment process is used by organizations to identify and prioritize the most pressing risks to their IT environment. Naturally, it focuses on IT ...
10 months ago Heimdalsecurity.com
Third-Party Security Assessments: Vendor Risk Management - As businesses rely more heavily on external vendors to provide critical services and support, the importance of effective vendor risk management strategies becomes paramount. This article explores the significance of third-party security assessments, ...
9 months ago Securityzap.com
Critical Start Implements Cyber Risk Assessments With Peer Benchmarking and Prioritization Engine - PRESS RELEASE. PLANO, Texas, Jan. 11, 2024 /PRNewswire/ - Today, Critical Start, a leading provider of Managed Detection and Response cybersecurity solutions and pioneer of Managed Cyber Risk Reduction, announced general availability of Critical ...
9 months ago Darkreading.com
US Releases 3000 Immigrants Seeking Asylum After Data Breach Puts Their Lives At Risk - A recent data breach of one of America’s most notorious immigration detention centers is putting the lives of thousands of asylum seekers at risk. In a surprise move, the U.S. government has released 3000 immigrants seeking asylum, in response to ...
1 year ago Bitdefender.com
Latest Information Security and Hacking Incidents - Swatting involves making repeated false reports to the police about individuals, leading armed authorities to unsuspecting victims' homes. Threat actors are pressuring US hospitals by threatening patients with swatting incidents unless a ransom is ...
9 months ago Cysecurity.news
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions - Middle East oil and gas operators will need to be vigilant about the risk of cyberattacks as the Israel-Gaza conflict continues, security experts warn, or else risk energy supply disruption globally. A recent report by S&P Global Ratings found that ...
11 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)