Healthcare Organizations are Facing New Threat

This post is also available in: עברית (Hebrew)

Is the COVID-19 pandemic the major challenge faced by health organizations? Not necessarily. A total of 59 U.S. health care providers or systems have been impacted by ransomware in 2020, disrupting patient care at up to 510 facilities. Hospitals and clinics have been rapidly expanding data collection and adding internet-enabled medical devices, many of which are poorly secured. Hospital administrators, meanwhile, have been slow to update software, encrypt data, train staff in cyber hygiene and recruit security specialists, leaving them vulnerable to cyber-attacks.

Just as nationwide cases of COVID-19 are spiking, Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. healthcare system, an effort that, if successful, could paralyze hospital information systems.

In a joint alert, the FBI and two federal agencies said they had credible information of “an increased and imminent cybercrime threat” to U.S. hospitals and health care providers. The alert said malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.”

The attack involves a particular strain of ransomware, which scrambles a target’s data into gibberish until they pay up. Previous such attacks on health care facilities have impeded care and, in one case in Germany, led to the death of a patient. But such consequences are still rare.

The federal warning itself could help stave off the worst consequences, either by leading hospitals to take additional precautions or by expanding efforts to knock down the systems cybercriminals use to launch such attacks, as reported by apnews.com.