The increased use of electronic records by hospitals and other healthcare organizations leaves them vulnerable to cyberattacks. Among the types of hacks that healthcare administrators fear the most are ransomware attacks.
These attacks use malware that, when unwittingly activated, locks up an organization’s computer system until the attackers receive payment or “ransom.”
Several high-profile ransomware attacks were executed on hospitals in 2016. The most prominent victims included MedStar Health based in Maryland and LA’s Hollywood Presbyterian Medical Center.
In the case of Hollywood Presbyterian Medical Center, hackers seized control of the institution’s computers on February 5 and prevented the hospital’s staff from communicating from these devices. The Center paid $17,000 in bitcoin to the hackers to recover the use of their computers. The FBI is currently investigating the attack.
Such cyberattacks can have a devastating effect on patient care, and stakeholders fear that ransomware attacks will increase in frequency unless healthcare organizations strive for increased cybersecurity.
An editorial by Ron Shinkman in FierceHealthcare summarized alarming statistics on the state of cybersecurity in the healthcare industry. An IBM report from early 2016 concluded that the healthcare sector was the top target for cyberattacks in 2015. According to the Ponemon Institute, US hospitals are being hit with ransomware attacks almost monthly.
A joint survey by Bloomberg Law and the American Health Lawyers Association found alarming results in its poll of corporate attorneys and in-house counsel:
- 96% expect an increased number of cases involving cybersecurity
- 57% expect the increase to be significant
- Only one quarter of the respondents thought that the healthcare organizations they represent are “very prepared” to handle such attacks
- 70% said they were “somewhat prepared,” with 5% not at all prepared
Bloomberg Law’s VP and general manager Scott Falk told FierceHealthcare that the respondents overwhelmingly agreed that “it is important to improve formal cybersecurity education and training for healthcare lawyers.” Falk also called such increased training a “critical need.”