Cyberattacks Undermining Patient Care in Health Systems

Cyberattacks on the U.S. Healthcare System. Credit | janiecbros

United States: According to experts, the number of cyberattacks has surged in recent years, stressing every aspect of the country’s health care system, from biomedical facilities and hospitals to physician practices and payment processing firms. These attacks have disrupted patient care and cost the industry billions of dollars in losses.

Growing Threat Landscape

During a recent virtual event presented by U.S. News & World Report, Erik Decker, vice president and chief information security officer at Intermountain Health, stated that overcoming the formidable challenge posed by hackers requires an “adversarial mindset.” Health care leaders must contend with the threats posed by sophisticated criminal organizations that “have a big desire to make a big difference,” said Decker, who is also chairman of the Joint Cybersecurity Working Group of the Healthcare Sector Coordinating Council, a coalition of industry associations and their members.

Tactics Employed

According to Decker, there are essentially three main routes for attackers to enter a network. One method is social engineering. That’s the phish: the email that you click to open that contains a virus. According to him, since these attacks are now more effectively handled, scammers are increasingly posing as authorized users when they call the support desk. According to Decker, they can request the enrollment of an additional device using, for example, “the last four digits of your social security number and date of birth,” which are credentials they have already obtained from another source. “Then they announce, ‘Hey, I got a new phone. I need to re-enroll my new phone,’” and the individual at the service desk gladly complies if it’s based on identity verification.

Vulnerabilities Exploited

He explained that the second route is a system or device that is improperly set up and exposed online, where malicious actors can take advantage of it. The third involves a risky connection with a third party, such as an unattended remote access system. One of those three methods was the initial point of intrusion for “pretty much every single ransomware attack that you’ve seen or heard about in the news,” he said.

Impact on Patient Care

Cybercriminals go after Active Directory once they are inside the system, Decker continued. Since the Windows administrator is the one with access to the credentials, they target that administrator’s workstation. Maiffret added: “They’re trying to obtain domain administrator, which kind of has the complete keys to the kingdom.”

How do tiny, rural, or financially strapped companies respond to these expensive yet vital cyberthreats? Zeynalov stated, “There are 2,500 hospitals with less than 100 beds, and they have the exact same concerns.” “We must band together and exchange defensive tactics.”

Call for Action

Zeynalov also mentioned the role that government can play in providing resources. Decker mentioned the Biden Administration’s fiscal year 2025 budget, which allotted $1.3 billion through HHS to support the adoption of recently released advanced cybersecurity practices by hospitals, especially those that lack adequate funding. Drawing a comparison to electronic medical records, Decker stated that there is a genuine need for “a stimulus for, specifically, the needs-based hospitals, the small, rural, critical access hospitals, and so forth, to establish essential cybersecurity practices.”