Cyberattacks on Hospitals Endanger Patient Care, Not Just Information

Cyberattacks on Hospitals Endanger Patient Care, Not Just Information

In recent years, hospitals have become frequent targets of cyberattacks that compromise crucial technology systems for managing patient care. The implications of these attacks are enormous, with experts likening them to public health disasters on the scale of earthquakes or hurricanes. However, many hospitals are ill-prepared for prolonged outages resulting from cyberattacks, and the federal government has yet to establish required protocols or standards to safeguard patient safety in the event of such incidents.

The focus on protecting patients’ sensitive health information has shifted to concerns about the physical harm that patients could suffer as a result of cyberattacks. A recent ransomware attack against Ascension, one of the nation’s largest health systems, highlighted the grave consequences of such breaches. Clinicians were locked out of electronic health records, medication systems, and other vital technology systems for weeks, leading to delayed lab results, medication errors, and a lack of routine safety checks to prevent potentially fatal mistakes.

Despite federal requirements for hospitals to protect patient data, there are currently no mandates for hospitals to implement basic cybersecurity protocols. The absence of measures such as multifactor authentication, email controls, and cybersecurity training for employees leaves the health sector vulnerable to cyber threats. However, the Biden administration has signaled its intent to introduce mandatory cybersecurity measures in the near future.

Denise Anderson, president of the Health Information Sharing and Analysis Center, noted the historical focus on data privacy and HIPAA in the health sector, with cybersecurity being a secondary concern. Lawmakers, including Senator Ron Wyden, have expressed dissatisfaction with the current self-regulation approach to healthcare cybersecurity, calling for stronger safeguards to protect the health care system from criminals and hackers.

In response to claims that patient care has been compromised by the ransomware attack, Ascension has maintained that its care providers continue to deliver quality medical care. Nonetheless, the harrowing experiences recounted by doctors and nurses within the health system underscore the urgent need for enhanced cybersecurity measures to protect patients and maintain the integrity of healthcare services.

In conclusion, the increasing frequency and severity of cyberattacks on hospitals pose significant threats to patient safety and the continuity of care. The lack of mandatory cybersecurity protocols leaves the health sector vulnerable to malicious actors, highlighting the need for comprehensive measures to safeguard patient data and prevent disruptions in healthcare services. Lawmakers, cybersecurity experts, and healthcare professionals must work together to address these challenges and ensure the resilience of our healthcare infrastructure in the face of evolving cyber threats.