Congress is increasingly sounding the alarm against cyberthreats targeting the healthcare sector.
Several lawmakers have stepped up efforts to protect the industry amid rising cyberattacks by introducing policies and recommendations aimed at addressing and mitigating such threats. I’m here.
“Over the past decade, Americans have witnessed increasingly brazen and destructive attacks on the health care sector that compromise sensitive personal information, delay care, and ultimately lead to increased suffering and death. Senator Mark Warner (D-Va.), chairman of the Senate Intelligence Committee, said before outlining recommendations on how the federal government can improve security standards in the sector to combat these attacks. , noted in a report published this week.
The report is divided into three sections to help the federal government improve the national cybersecurity risk posture in the health sector, help the private sector mitigate cyber threats, and help health care providers respond to cyberattacks. to help you recover.
Christopher Plummer, senior cybersecurity architect at Dartmouth Health, said:
“Just seeing this approved in writing from this level of government gives a lot of hope,” Plummer added.
Plummer said the growing challenge of cybersecurity insurance and the shortage of cyber workers across the industry were among several topics in the report that resonated with him.
He added that the resources hospitals need to combat threats vary greatly depending on the company’s size and cyber capabilities.
“What we do with this report as a country is an important next move,” Plummer said.
“The points of discussion are on the table. Now is the time to address these challenges in substance,” he added.
The healthcare sector is particularly vulnerable to cyberattacks because it stores sensitive data and manages patient safety and health.
Experts say the industry is a prime target for cybercriminals because some hospitals are willing to pay ransoms to save lives and recover stolen data. They said it could be a matter of life and death in certain situations.
They also say hackers are also targeting sensitive information related to medical research and technology.
The number of attacks against healthcare organizations increased 90% in the second quarter of this year compared to the first quarter, according to an August report from Kroll, a research and risk consulting firm.
The report also found that ransomware was the most common type of cyberattack used against the healthcare sector, closely followed by email compromise.
The report’s Warner also said cyberattacks targeting healthcare providers will reach an all-time high in 2021, citing research that found more than 45 million people were affected by such attacks. doing.
Warner is the latest among many lawmakerss Who has issued warnings and taken steps to address the issue in recent months.
Senator Angus King (Maine-Maine) and Rep. Mike Gallagher (Rep-Wisconsin) have also expressed concern.
In August, lawmakers sent a letter to the Department of Health and Human Services (HHS) urging them to better protect the medical and public health sectors from the growing cyberthreats targeting the industry.
“As cyber threats grow exponentially, we must prioritize addressing the following issues: [health care and public health] King and Gallagher, co-chairs of the Cyberspace Solarium Commission, said:
“ransomware attack on [health care and public health] The sector has surged in the past two years as opportunistic criminals realized that hospitals could pay quickly to fix problems and keep patients safe,” the letter said.
In the letter, lawmakers requested an emergency meeting with the Biden administration’s health officials and asked for an update on the current cyber regime. They also said they were concerned about HHS’ lack of timely information sharing on ongoing threats with industry partners.
Senator Jackie Rosen (D-Nevada) is another senator who has called on the federal government to do more to protect critical infrastructure, including the healthcare sector, from cyberattacks.
In March, she and Senator Bill Cassidy (R-LA) called for the Cybersecurity and Infrastructure Security Agency (CISA) to work with HHS to improve cybersecurity standards in the medical and public health sectors. introduced a bipartisan bill.
The law also mandates that both agencies share information with the private sector to improve cyber resilience.
As lawmakers take these steps, federal agencies are monitoring the industry and alerting the public to the current cyberthreats facing the industry.
Over the summer, US federal agencies issued warnings that ransomware known as “Maui” was targeting organizations in the US medical and public health sector. Ransomware is linked to the North Korean government.
Also, institutions discouraged health care providers from paying ransoms because paying a ransom does not guarantee recovery of stolen data. We recommend reporting ransomware attacks to law enforcement.
“When it comes to cyberattacks affecting patient care, the question is not whether or when it will matter anymore, but how often and with what devastating consequences,” Warner said. said in the report.
