Health Care Organizations Must be Prepared for Cyberattacks
Hospitals and health care providers must use private, enterprise-grade communication platforms to conduct telehealth appointments.
As the COVID-19 pandemic wanes, the threat of cybercriminals masterminding ransomware attacks on businesses is a growing concern, especially in the health care industry. Ransomware is malicious software — or malware — that encrypts files on a computer system, enabling a cyber thief to steal data. The attacker then demands ransom from the victim to restore access to the date upon payment. The costs can range from a few hundred dollars to thousands, usually payable in Bitcoin.
Ransomware attacks pose a new worry for patients and health care providers alike, as cyberattacks have been prompted by the rapid adaptation of telework and telehealth in the health care industry. During pandemic-related shutdowns, many patients, especially those in the 60-plus age group, have relied on contactless, telemedicine alternatives to in-person health care visits. As the founder of a group of New York City-based skilled nursing facilities, our team provides such cutting-edge technology as robotics and telehealth options for our residents and the threat of those systems being hacked was, and is, ever-present.
What Kind of Threats Are Out There?
While these virtual-care options can be highly beneficial to both health care providers and patients, the increased use of digital tools has left more people and organizations vulnerable to cyberattacks. Especially as many providers conduct visits on platforms like Zoom, FaceTime and Skype, where cybercriminals have easily found security gaps because physicians and other health care professionals often conduct these visits from unsecured home networks.
While telehealth has been a lifeline for millions of patients, hospitals are very aware of these growing cybersecurity risks. Ryuk, a sophisticated ransomware group, has been threatening businesses, hospitals, government institutions and other organizations since 2018. The group behind this cyber threat uses manual hacking techniques and other tools to move through private networks and gain administrative access to as many systems as possible, such as imaging equipment, and then initiates file encryption.
Universal Health Services (UHS) Hospitals, one of the largest health care providers in America, had its computer systems shut down by a Ryuk hit in September 2020, resulting in serious patient-care delays. That same month, a ransomware attack at the University Hospital Düsseldorf in Germany forced staff to postpone planned treatments, leading some patients to turn to alternate medical facilities and resulting in one patient's death.
Recently, the New York Times reported on a cyberattack on Ireland's health system that paralyzed the country's health services for a week. In California, Scripps Health, which operates five hospitals and several clinics in San Diego, was crippled by a ransomware attack that compromised its data.
What Can Health Care Organizations Do to Stop Cyberattacks?
Hospitals and health care providers must use private, enterprise-grade communication platforms to conduct telehealth appointments. Better encryption and unique privacy settings for doctor-patient conversations provide the means to strengthen health care cybersecurity.
Health care organizations should also educate their own workforce on cyber threats as well as the newest cybersecurity solutions. This is especially critical when accessing health care records online. Establishing policies for all employees who access and manage such records can keep patient data safe and secure. Budgeting funds for proactive cybersecurity measures and hiring the best talent to train on security practices is another effective weapon in a provider's arsenal against cyberattacks.
At The Allure Group, for instance, we employ state-of-the-art firewalls, which enable internet traffic and failover and log every user's internet traffic. In addition, software is in place that flags all emails from outside the company, thereby alerting users to possible phishing and ransomware attacks.
It is critical for those in the health care industry to understand that they can become a target, no matter their size, and be prepared, as this is the best defense against cybercriminals.
