You’ve probably heard (or even written about) recent ransomware attacks on hospitals. The FBI warned hospitals several days ago of the likelihood of attacks with the Ryuk ransomware and, sure enough, numerous hospitals have been hit, forcing some to resort to paper, the last thing they need with COVID-19 cases again spiking. Others have shut down email.
The Russian hackers behind the attacks are asking for thousands or even hundreds of thousands of dollars in the form of bitcoin and with, hospitals facing the third wave of the pandemic, they expect to get it.
This is not a new thing; hospitals have been prime targets for cyber attacks for more than a decade, ever since the advent of electronic health records (this article in the HIPAA Journal tracks the uptick in attacks between 2009 and 2019). But the pandemic is bringing these attacks to a new high. Reuters reports that ransomware attacks overall are 50% higher over the past three months, with nearly twice the number of health care organizations impacted in the third quarter of 2020 than the previous quarter.
Which means this is not a one-time-thing, but an ongoing story you need to cover. If you’re new to reporting on cybersecurity issues in health care, check out this tip sheet from Rebecca Vesely. It offers everything from definitions to resources.
Try to go beyond the daily impact on your local hospitals to explain just why hospitals are so often targeted. Vox has a good story out with links that highlight the value in hitting hospitals and health care organizations. Another angle is the fact that hospitals are notoriously bad about cybersecurity.
Ask your sources what they’re doing to protect themselves from this attack and future ones. Laura Dyrder from Becker’s Health IT has a good story on proactive steps hospitals are taking. One question to ask (but to which you probably won’t get an answer) is whether hospitals are paying the ransom. The FBI urges them not to; but when there are lives at stake it can be hard to say no.
Karen Groppe, senior director of strategic communications at HIMSS, can put you in touch with experts. Also reach out to the press office at the American Hospital Association. Cybersecurity firms are another go-to source. A good compilation of commercial and not-for-profit organizations are here, including the Association for Executives in Healthcare Information Security.
One thing is for sure: this is a story that isn’t going away. Kind of like COVID.