Cyberattacks Hit Health Sector, Feds Criticized

Lilu Anderson

Cyberattacks Targeting Healthcare

The healthcare sector has come under siege from cyberattacks, with ransomware posing a significant threat. According to the FBI, in 2023 alone, there were 249 ransomware attacks targeting health institutions, making it the most attacked sector. One example of the impact is Central Oregon Pathology Consultants (COPC), which saw its operations affected and suffered financial losses due to the February hack of Change Healthcare.

COPC had to manage without payments for months, relying on cash reserves while the patient payment portal remained down. As of July, about 20,000 claims were still outstanding, impacting their ability to calculate the total loss from the downtime.

Federal Response Under Scrutiny

Critics argue that the federal response to these attacks has been insufficient. The Department of Health and Human Services (HHS) has primarily focused on hospitals, but the weaknesses are widespread across the healthcare system. Senator Ron Wyden criticized the current approach, emphasizing the need for more robust practices beyond self-regulation.

Mark Montgomery from the Foundation for Defense of Democracies highlighted that investment in cybersecurity is minimal, with efforts described as "incremental to almost nonexistent."

The Need for Comprehensive Strategy

The urgency of the situation is undeniable, with 2024 continuing to see health sector cyberattacks. For example, a ransomware attack on OneBlood disrupted blood supply for transfusions. Complex operations like chemotherapy preparation are compromised without proper security measures.

In December, HHS proposed a cybersecurity strategy focusing on hospitals, with incentives for adopting essential practices. However, Iliana Peters, a former HHS lawyer, insists that investment should extend to suppliers and contractors within the healthcare system.

Challenges in Coordination and Implementation

Coordination between HHS and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has faced challenges. Disorganization and insufficient staffing have been noted as significant issues. The preparedness office, historically focused on physical-world disasters, shifted to cybersecurity under Trump-era leadership, and that shift is still criticized for lack of expertise.

During the NotPetya attack in 2017, Health-ISAC had to independently inform its members on response strategies, highlighting the need for better organized federal support.

Moving Forward: Proposed Measures and Funding

HHS is exploring enforceable standards for cybersecurity, aiming to release an updated strategy soon. The department has already requested additional funding, including $12 million for cybersecurity initiatives. However, updates to the privacy and security rules are pending due to budget constraints.

Despite these measures, experts like Routh emphasize the significant challenges that remain. Without substantial changes, the healthcare industry could continue to face vulnerabilities and threats from cyberattacks.
