The U.S. healthcare system is increasingly under siege by cyberattacks, jeopardizing patient care, privacy, and the integrity of medical facilities.
These sophisticated attacks are escalating, prompting a critical response from both healthcare leaders and government officials to protect one of the nation’s most vital sectors.
Cyberattacks on healthcare facilities have surged, impacting diverse segments from hospitals and physician offices to payment processors and biomedical research centers.
Erik Decker, vice president and chief information security officer at Intermountain Health and chairman of the Joint Cybersecurity Working Group, emphasized the necessity of adopting an “adversarial mindset” to confront these threats.
He spoke at a virtual event organized by U.S. News & World Report, highlighting the concerted effort needed to mitigate the financial and human costs, which run into billions annually.
The complexity and intensity of these attacks are profound.
Vugar Zeynalov, chief information security officer at Cleveland Clinic Health System, points out that cyber incidents have evolved beyond data breaches to directly undermine patient safety and care.
“Cybercrime robs our patients of what’s most precious to them: their lives, their privacy, and their future,” Zeynalov remarked, underscoring the gravity of the issue.
Industry experts identify three primary methods through which attackers penetrate healthcare networks: social engineering, exploiting misconfigured devices, and unauthorized third-party connections.
Once inside, cybercriminals often target critical administrative domains to gain widespread access.
Marc Maiffret, chief technology officer at BeyondTrust, stresses that these attackers aim to acquire “the full keys to the kingdom,” making comprehensive security measures essential.
In response to these growing threats, the Department of Health and Human Services, in collaboration with the Healthcare Sector Coordinating Council’s Joint Cybersecurity Working Group, has released a slew of resources and best practices to bolster cybersecurity in healthcare settings. These tools are designed to help institutions “hack themselves” to identify and address vulnerabilities before attackers can exploit them.
As cyber threats grow more sophisticated, the call for a unified defense becomes louder. The sharing of defensive strategies and resources, particularly among smaller, rural hospitals, is crucial.
“We need to come together and share our defense strategies,” Zeynalov urges, highlighting the necessity of collective action against these formidable adversaries.