Alarms over healthcare cyberattacks are getting louder



cybersecurity alarm bells ringing in the healthcare industry this month, as the FBI joins Congress in taking medical device vulnerabilities seriously. The warnings come amid growing awareness of how dangerous cybersecurity holes in healthcare can be. "I do believe we’re making strides in finally actually addressing ransomware," said an armis chief.




Cybersecurity alarm bells have been ringing loudly in the healthcare industry this month. The FBI warned healthcare facilities that medical devices (like patient monitors or infusion pumps) often run on outdated software that could be vulnerable to hacks. OakBend Medical Center in Texas was hit with a major ransomware attack from a gang that says it stole 1 million patient records. A report showed that patients at hospitals dealing with cyberattacks are more likely to die.


The series of warnings come with a growing awareness of just how dangerous cybersecurity holes in healthcare can be. Healthcare organizations are more and more dependent on internet-connected devices to do things like track patient records and deliver medications. And they’re increasingly a target for ransomware attacks, which can steal data and shut down the systems they use to deliver care.


Experts spent years frustrated that hospitals weren’t taking cybersecurity seriously. But over the course of the COVID-19 pandemic, that tide started to shift. With its warning this week, the FBI joins Congress in taking medical device vulnerabilities seriously — earlier this summer, senators proposed legislation that would require the Food and Drug Administration to put out more regular guidelines around medical device cybersecurity. The FDA asked for more power to make rules around cybersecurity, as well.


There’s also more awareness around the ways cyberattacks can hurt patients, which many people in healthcare had been reluctant to acknowledge. A cyberattack at the University of Vermont Health Network during the pandemic gave researchers an opportunity to show clearly that these disruptions degrade patient care. Last year, a survey found that over two-thirds of healthcare organizations hit by ransomware had longer hospital stays for patients and delays in procedures during the attacks. In the new report from a think tank in Washington, DC, a quarter of organizations dealing with ransomware said they had higher mortality rates.


Incidents like the hack on the OakBend Medical Center are so common these days that they barely register on the national news barometer. Most people don’t realize that they’re happening so regularly — or that they’re so dangerous. But with things like congressional action and FBI warnings picking up steam, experts are hopeful that cybersecurity is finally starting to become a priority. “I do believe we’re making strides in finally actually addressing ransomware,” Oscar Miranda, chief technology officer for healthcare at cybersecurity company Armis, told The Verge last year.

Oakbend Medical Centerのハックのような事件は非常に一般的であるため、National News Barometerにかろうじて登録していません。ほとんどの人は、自分が非常に定期的に起こっていることに気づいていません。しかし、議会の行動やFBIの警告が蒸気を拾うなどのことで、専門家はサイバーセキュリティが最終的に優先事項になり始めていることを期待しています。サイバーセキュリティ会社Armisのヘルスケアの最高技術責任者であるオスカーミランダは、昨年、The Vergeに語った。