UNITED STATES NEWS

Cyberattacks on hospitals are likely to increase, putting lives at risk, experts warn

Feb 14, 2024, 6:00 PM

Cybersecurity experts are warning that hospitals around the country are at risk for attacks like th...

Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children's hospital, and that the U.S. government is doing too little prevent such breaches. (AP Photo/M. Spencer Green)

(AP Photo/M. Spencer Green)

WASHINGTON (AP) — Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital, and that the U.S. government is doing too little prevent such breaches.

Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records. Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage for hefty ransoms, said John Riggi, the American Hospital Association’s cybersecurity adviser.

“Unfortunately, the unintended consequence of the use of all this network and internet connected technology is it expanded our digital attack surface,” Riggi said. “So, many more opportunities for bad guys to penetrate our networks.”

The assailants often operate from American adversaries such as Russia, North Korea and Iran, where they enjoy big payouts from their victims and face little prospect of ever being punished.

In November, a ransomware attack on a health care chain that operates 30 hospitals and 200 health facilities in the United States forced doctors to divert patients from emergency rooms and postpone elective surgeries. Meanwhile, a rural Illinois hospital announced it was permanently closing last year because it couldn’t recover financially from a cyberattack. And hackers went as far as posting photos and patient information of breast cancer patients who were receiving treatment at a Pennsylvania health network after the system was hacked last year.

Now, one of the top children’s hospitals in the country, the Ann & Robert H. Lurie Children’s Hospital of Chicago, has been forced to put its phone, email and medical record systems offline as it battles a cyberattack. The FBI has said it is investigating.

Brett Callow, an analyst for the cybersecurity firm Emsisoft, counted 46 cyberattacks on hospitals last year, compared with 25 in 2022. The paydays for criminals have gotten bigger too, with the average payout jumping from $5,000 in 2018 to $1.5 million last year.

“Unless governments do something more meaningful, more significant than they have done to date, it’s inevitable that it’ll get worse,” Callow said.

Callow believes the government should ban cyberattack victims such as hospitals, local governments and schools from paying ransoms. “There’s so much money being paid into the ransomware system now there’s no way the problem is going to simply go away on itself,” he said.

The dramatic increase in these online raids has prompted the nation’s top health agency to develop new rules for hospitals to protect themselves from cyber threats.

The Department of Health and Human Services said it will rewrite the rules for the Health Insurance Portability and Accountability Act -– the federal law commonly called HIPPA that requires insurers and health systems to protect patient information – to include new provisions that address cybersecurity later this year.

The department is also considering new cybersecurity requirements attached to hospitals’ Medicaid and Medicare funding.

“The more prepared we are the better,” said Deputy Secretary Andrea Palm.

But, she added, some hospitals will struggle to protect themselves. She is worried about rural hospitals, for example, that may have difficulty cobbling together money to properly update their cybersecurity. HHS wants more money from Congress to tackle the issue, but Palm said the agency doesn’t have a precise dollar amount its seeking.

“It’s important to note that this has to come with resources,” Palm said. “We can’t set the industry up not to be able to meet requirements.”

Becoming the victim of a cyberattack is costly, too. The attacks can put hospitals’ networks offline for weeks or months, forcing hospitals to turn away patients.

In Chicago, Lurie hospital’s network has been offline for two weeks. The hospital, which served more than 260,000 patients last year, has established a separate call center for patients’ needs and resumed some care.

On Thursday, Lurie’s surgeons operated on Jason Castillo’s 7-month-old daughter mostly by hand, without some of the high-tech devices usually used.

His daughter’s planned heart surgery was postponed on Jan. 31, when the hospital found itself under cyber siege. The surgeon talked to Castillo before his daughter was wheeled in for a six-hour surgery, promising that he felt confident he could do the procedure despite the ongoing cyberattack.

“She’s doing fantastic,” Castillo said of his daughter, who is now recovering at home. “It feels like a huge cloud has been lifted from our household.”

Even once Lurie has restored their network, it’ll likely take months of behind-the-scenes work for the hospital to fully rebound, Callow said.

“These incidents can affect everything from patient care to payroll,” Callow said. “Fully recovering can take months, it’s not simply a matter of flicking a switch and everything comes back on.”

United States News

Associated Press

Car collides head on with a bus central Washington, killing 4 and injuring 7

VOLTAGE, Wash. (AP) — Four people were killed and seven others were hurt when a motorist trying to pass another car on a two-lane highway hit a charter bus in central Washington state. A Toyota Camry was heading west on Highway 28 east of Wenatchee on Sunday afternoon when it hit an oncoming Northwestern Stage […]

55 minutes ago

Secretary of Defense Pete Hegseth, responds to reporters' questions before the start of a meeting w...

Associated Press

Hegseth renames North Carolina military base Fort Roland L. Bragg

WASHINGTON (AP) — Defense Secretary Pete Hegseth signed an order Monday restoring the name of a storied special operations forces base back to Fort Bragg. The North Carolina base was renamed Fort Liberty in 2023 as part of a national effort under the Biden administration to remove names that honored Confederate leaders. The base’s original […]

1 hour ago

FILE - WWE chairman and CEO Vince McMahon speaks to an audience during a fan appreciation event, Oc...

Associated Press

Vince McMahon’s lawyer was wrong to withhold documents sought by grand jury, court rules

A former lawyer for pro-wrestling impresario Vince McMahon was wrong to withhold some documents from a federal grand jury as it investigated how the former WWE boss handled multimillion-dollar settlement agreements with two female employees who accused him of sexual abuse, a federal appeals court ruled Monday. Three judges on the 2nd U.S. Court of […]

2 hours ago

Trump administration...

Associated Press

Judge finds Trump administration hasn’t fully followed his order to unfreeze federal spending

A federal judge found Monday that the Trump administration hasn’t fully followed his order to unfreeze federal spending and told the White House to release billions of dollars in funding.

3 hours ago

Associated Press

Aid groups sue over Trump’s order suspending federal refugee program and funding

SEATTLE (AP) — Major refugee aid groups sued the Trump administration on Monday over the president’s executive order suspending the federal refugee resettlement program and funding for resettlement agencies. The lawsuit filed in U.S. District Court in Seattle asks the court to declare Trump’s executive order illegal, stop the order’s implementation and restore refugee-related funding. […]

3 hours ago

Associated Press

Judge set to rule on Justice Department’s demands that Musk resume access to Treasury records

NEW YORK (AP) — A federal judge is likely to quickly decide whether to grant Justice Department demands that Elon Musk’s Department of Government Efficiency be allowed to immediately resume accessing Treasury Department records containing personal data for millions of Americans. Judge Jeannette A. Vargas had ordered lawyers to meet and confer over any changes […]

4 hours ago

Sponsored Articles

...

Collins Comfort Masters

Collins Comfort Masters: Your go-to plumbing experts in Arizona

Collins Comfort Masters, a trusted name in HVAC, water and plumbing since 1985, is you go-to plumbers for the residents of Phoenix and the Valley.

...

Bright Wealth Management

How IRAs are a helpful tool in retirement planning

When it comes to retirement planning, individual retirement accounts (IRAs) can be a great tool for income growth.

...

Day & Night Air Conditioning, Heating and Plumbing

Why a Heating Tune-Up is Essential Before Winter

PHOENIX, AZ — With cooler weather on the horizon, making sure your heating system is prepped and ready can make all the difference in staying comfortable this winter.

Cyberattacks on hospitals are likely to increase, putting lives at risk, experts warn