Tag Archives: cybersecurity

U.S. hospitals brace for potential Russian cybersecurity attacks

A building in Kiev, Ukraine with Ukranian flag  (Photo by Marjan Blan | @marjanblan on Unsplash)

Russia’s invasion of Ukraine has the potential for trickle-down impacts on U.S. hospitals in the form of cybersecurity attacks. 

While there have been no specific cyber threats to the U.S. to date from the invasion, Russia’s attack on Ukraine — which has involved cyberattacks on Ukraine’s government and critical infrastructure organizations — may impact organizations beyond the region, the national Cybersecurity and Infrastructure Security Agency (CISA) said. 

“Every organization — large and small — must be prepared to respond to disruptive cyber activity,” the agency said. Its Shields Up website includes a catalog of free services to help organizations reduce the likelihood of a damaging cyberattack and ensure they are well prepared if an intrusion occurs. It also contains suggestions for corporate leaders and CEOs and a guide to handle responses to ransomware attacks. 

Journalists could find interesting stories by interviewing hospitals about what they are doing to protect their staff and patients, or cybersecurity firms on tips to implement.

The American Hospital Association warned its nearly 5,000 members to increase their defenses against potential Russian attacks and consider blocking internet traffic to and from Russia and Ukraine, John Riggi, the organization’s national adviser for cybersecurity and risk, told Politico.   

“Our organizations are continuously being probed and scanned from Russia, China, Iran and North Korea thousands of times a day, literally, whether it’s a small critical access hospital or the largest systems,” he said in the news article.

Riggi will be a panelist at AHCJ’s upcoming Health Journalism conference in Austinspeaking about hospital ransomware attacks and what hospitals can do. The session will be held from 4:40-6:00 p.m. on Saturday, April 30.

Continue reading

Cybersecurity attacks top list of health technology hazards for 2022

In January, nonprofit patient-safety organization ECRI released a report of the top 10 health technology hazards for 2022. Health IT concerns made up half of them. Reviewing the list — compiled by the organization each year in response to member surveys, literature reviews, testing medical devices in their lab and investigating patient safety incidents — can provide journalists with a good primer on trends to watch. The annual report identifies potential sources of danger the organization believes warrant the greatest attention.

Perhaps unsurprisingly, cybersecurity attacks ranked at the top of the list. All health care organizations are subject to cybersecurity incidents, the report noted: “The question is not whether a given facility will be attacked but when.” A cybersecurity incident could threaten network-connected medical devices and data systems that have become essential for safe and effective care delivery, the authors wrote. “Consequences may include rescheduling of appointments and surgeries, diversion of emergency vehicles, or closure of care units or even whole organizations — all of which could put patients at risk.”

“Responding to these risks requires not only a robust security program to prevent attacks from reaching critical devices and systems, but also a plan for maintaining patient care when they do,” they said.

Acknowledging this concern, manufacturers are more often building in security features to the design of medical devices, said Kevin Fu, Ph.D., acting director of medical device cybersecurity at the U.S. Food and Drug Administration’s Center for Devices and Radiological Health and program director for the Digital Health Center of Excellence, during a ECRI webcast about cybersecurity.

Continue reading

FDA issues another reminder about the risks of connected medical devices to hacking

In recent years, as medical devices have become more connected, cybersecurity experts have sounded the alarm on their vulnerabilities.

A panel at Health Journalism 2018 covered the topic, with experts encouraging reporters to ask their local hospitals about plans to safeguard medical devices from cyber threats. Continue reading

Survey: People trust their smartphones more than hospitals with their personal data

Photo: HP Samsung Terbaru via Flickr

Nearly half of consumers believe their personal health information is more secure on their personal electronic devices – smartphones, laptops and tablets – than it is on their health care providers’ computer systems.

This high level of mistrust in health entities’ handling of personal data is among the findings of a recent survey of 1,000 consumers by the cybersecurity firm Morphisec. Benjamin Harris of HealthcareITNews reported on the survey. Continue reading

WSJ reporter digs deeper into global cyberattacks

Photo: Anoto AB via Flickr

Melanie Evans has been covering hospitals for many years, including for Modern Healthcare and now The Wall Street Journal. But she was not an expert on cybersecurity when the WannaCry ransomware cryptoworm began making its way through computer systems across the globe in May.

Evans eventually found a great and largely uncovered story about cyberattacks and the lack of public reporting disclosures at hospitals: “Why some of the worst cyberattacks in health care go unreported.” Continue reading