The following is a guest article by Errol Weiss, Chief Security Officer at Health-ISAC
The constant swarm of attacks from all sides aimed at the global health sector in recent years has reached even greater heights. A recent joint bulletin from the American Hospital Association (AHA) and the Health Information Sharing and Analysis Center (Health-ISAC) raised alarms over a social media post referencing a coordinated, multi-city terrorist plot targeting U.S. hospitals.
While the FBI’s investigation found no credible threat, experts have warned that the viral post, whether real or fake, may still inspire copycat actions or lone-wolf attacks. Attacks like that can cause serious disruption in a sector already stretched thin because of competing resource needs. As a result, healthcare organizations now face the challenge of preparing for a threat that may not be real but could still have devastating consequences. Fortunately, there are steps hospitals can take to increase their resilience in the face of escalating threats.
The Danger of a Poor Response
The terrorist threat warning acted as a wake-up call for hospitals about something they should be aware of at all times: the health sector is always under attack from all sides and in multiple forms, both physical in the form of attacks on healthcare facilities and workers, and digital, often in the form of ransomware. Just over a year ago, a ransomware incident at Change Healthcare, one of the largest healthcare payment processors in the U.S., sent shockwaves through the industry. The breach disrupted billing, prescriptions, and insurance claims across hospitals and pharmacies nationwide, delaying care for millions and straining already overburdened systems. It also exposed the personal data of more than 190 million people.
Since then, it seems like once a month a new successful ransomware attack that shuts down hospital systems appears in the news, damaging patient care. One report showed that cardiac arrest deaths significantly increased as a result of delayed care. Patient monitoring devices and electronic health record (EHR) systems may also fail, causing a further degradation of patient care when doctors are unable to access necessary information.
Ultimately, ransomware criminal gangs now treat hospitals as high-value, low-resilience targets, knowing that downtime can endanger lives and force quick payouts to secure the release of essential systems and data. It’s time for a coordinated response.
Move Fast and Move Together
Hospitals must immediately change their security posture to defend themselves against ongoing threats in any form. While this article focuses on digital threats, healthcare providers must take physical threats, like the terrorist threat mentioned earlier, just as seriously. Addressing those physical security risks requires a separate, comprehensive strategy that falls outside the scope of this piece, but they remain a critical part of the industry’s overall security posture.
As far as responding to digital threats, the priority must be to lock down external access points. Hospitals should review who can access their computer systems from the outside, for example, employees working remotely or vendors connecting off-site. Turn off any accesses that aren’t being used, for example, when a staff member resigns. Require strong passwords and multifactor authentication for accounts that remain to make sure only the right people can remotely log in. Many attacks start when hackers find a weak spot in these remote connections.
Also, data backups are extremely important. Ensure that backups are offline, encrypted, and tested regularly. This includes EHRs, diagnostic systems, and financial records. A working backup can mean the difference between hours of downtime versus months to rebuild.
Next, run internal exercises to test your response to attacks. Hospitals should simulate a ransomware or physical security incident with all key departments, including clinical, IT, legal, and communications, to identify response gaps in real-time. Fast recovery depends on practiced coordination.
Finally, share what you know with other hospitals and industry leaders through information sharing networks (like Health-ISAC) and online communities, leading industry publications, or at conferences. Sharing threat intelligence and best practices and collaborating with your peers are the backbone of resilience. Report attacks, especially ongoing campaigns, and share about the preventative and responsive measures that have had the greatest success in evading threats in the past. Hospitals that prepare now have an opportunity to decrease the impact from cyber incidents and breaches, which will ultimately improve patient outcomes throughout the coming years.
Facing Reality
Unless the healthcare industry shifts its posture to increase security, attacks will continue to grow in number and severity. That is the future healthcare organizations must prevent through advanced technology and collaboration at all levels of the industry.
Fortunately, the outlook isn’t all bad for the industry. When the potential terrorist threat surfaced on social media, organizations spread the word and immediately began to strengthen physical and cybersecurity measures. That rapid response proves one thing: when the healthcare industry collaborates, shares threat intelligence, and moves together, it can protect both its systems and the lives that depend on them.
About Errol Weiss
Errol Weiss is Health-ISAC’s Chief Security Officer. He has over 25 years of experience in Information Security, beginning his career with the National Security Agency conducting penetration tests of classified networks. He created and ran Citigroup’s Global Cyber Intelligence Center and was a Senior Vice President Executive with Bank of America’s Global Information Security team.
Errol has an M.S. in Technical Management from Johns Hopkins University and a B.S. in Computer Engineering from Bucknell University.
No comments:
Post a Comment