Summary
Health care ransomware attacks surged in 2023, making the sector the most targeted by cybercriminals. The FBI reported that 249 ransomware incidents specifically targeted health institutions, highlighting significant vulnerabilities within the industry and raising concerns about the adequacy of federal responses to these threats.
The impact of ransomware on the health care sector has been profound, with organizations like Central Oregon Pathology Consultants facing severe operational disruptions due to payment processing hacks, such as the one involving Change Healthcare. Critics argue that the federal government’s response, primarily focused on hospitals, is insufficient and underfunded, leaving other critical areas of the health care system exposed. Recent incidents, including a data breach affecting over three million individuals through the MOVEit attacks, underscore the urgent need for improved cybersecurity measures across all health care entities. Experts emphasize that a more coordinated and comprehensive approach is necessary to protect health care providers and patients from the growing threat of cyberattacks.
Federal Response and Criticism
The response from the Department of Health and Human Services (HHS) has been criticized for being fragmented and inadequate. Many stakeholders, including lawmakers and cybersecurity experts, argue that the current strategy relies too heavily on voluntary compliance and self-regulation, which have proven ineffective against sophisticated cyber threats. Senator Ron Wyden has called for a more robust approach to health care cybersecurity, asserting that the existing strategies leave the system vulnerable to attacks.
Recent High-Profile Incidents
In 2023, significant ransomware incidents included a cyberattack on OneBlood, a nonprofit blood donation service, which disrupted hospitals’ access to blood supplies in the Southeast. Additionally, a breach involving the Centers for Medicare & Medicaid Services (CMS) exposed sensitive data of over three million beneficiaries, further illustrating the scale and impact of cyber threats in the health care sector.
The Need for Enhanced Security Measures
Experts advocate for stronger mandates and incentives to ensure that health care organizations adopt essential cybersecurity practices. HHS’s recent cybersecurity strategy has been criticized for its limited goals, and while there are plans for future funding and enforceable standards, the timeline for implementation is lengthy, potentially leaving the sector vulnerable in the interim. Given the increasing frequency and severity of ransomware attacks, the call for a comprehensive and proactive approach to cybersecurity in health care is more urgent than ever.
Critics call feds’ response to health care industry cyberattacks feeble and fractured
Sep. 24 / Pennlive: By Darius Tahir, KFF Health News (TNS). Central Oregon Pathology Consultants has been in business for nearly 60 years, offering molecular testing and other...
U.S. govt agency CMS says data breach impacted 3.1 million people
Sep. 24 / Bleepingcomputer: The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three...
