Hospitals are in the Scope

10921891279?profile=RESIZE_400xHospitals on the front line of cyberattacks are increasingly strained under the often deadly conditions created by such hacks.  Capitalizing on the chaos of the COVID-19 pandemic, cyber criminals frequently shut down hospital networks at a time when they were overwhelmed, leading to limited emergency services, canceled surgeries, and a spike in deaths.  Hackers used to treat hospitals as ‘off limits.’  Not the case anymore.

Cyber-attacks have long been viewed as less lethal than missile strikes, but as cyber strikes hit hospitals and take lives, the calculus for how to respond could be changing.  The national adviser for cybersecurity and risk at the American Hospital Association, recently said that it's time "to view these types of attacks, ransomware attacks on hospitals, as threat-to-life crimes, not financial crimes."  Some of the most common strikes against medical facilities, ransomware attacks occur when hackers encrypt networks and demand payment to unlock them.[1]  Mortality rates increased after a ransomware attack at a quarter of the 600 healthcare facilities surveyed in a 2021 study from Proofpoint and the Ponemon Institute.

A ransomware attack in 2020 forced a Düsseldorf, Germany, hospital to close its emergency department, and a patient died in an ambulance while being sent to another hospital.  Red Sky Alliance has previously reported on this and other life threating cyber-attacks in 2021 and 2022.

A woman sued an Alabama hospital in 2020 after the death of her infant, claiming that doctors did not perform necessary pre-birth testing due to a cyberattack at the hospital. The baby was subsequently born with the umbilical cord around its neck, which led to brain damage and the baby's death a few months later, she argued.

Cyberattacks against hospitals have also been on the rise.  "Unfortunately, 2022 appears to be another record year in terms of the volume of attacks against US healthcare and the volume of sensitive patient information which has been either stolen or compromised by these foreign-based cyber adversaries," the AHA said.

While most of the damage from US cyberattacks is still to individuals' data or businesses' profits, the federal government has a list of 16 "critical infrastructure" categories, where a cyber strike could cause a major breakdown in civilian services, including healthcare.

The Biden Administration stated it plans to make hospital cybersecurity a priority in 2023.  More politics or real criminal statutes.  Speaking on condition of anonymity, a senior administration official said that actions could include issuing executive orders to mandate healthcare cybersecurity standards or supporting legislation on the topic.  "Hospitals are a very targeted sector … it's something we're significantly concerned about," the official said.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com      

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www. redskyalliance. org/   
  • Website: https://www. wapacklabs. com/  
  • LinkedIn: https://www. linkedin. com/company/64265941   

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989  

[1] https://www.newsmax.com/newsfront/cyberattack-hospitals-ransomware/2022/12/28/id/1102215/

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!