Portsmouth, Ohio Southern Ohio Medical Center canceled an appointment today (January 12 local time) and diverted ambulances after a cyberattack Thursday local time. It is part of a series of escalating attacks on health facilities over the past two years - a trend that could have serious consequences for patient care.
But while it is clear to information technology experts that the risk of cyberattacks damaging patient data and shutting down computer systems is on the rise, patients do not appear to be aware of it, according to a new report by Armis, a cybersecurity firm. In fact, more than 60 percent of the public surveyed in the new report said they had not heard of any cyberattacks in the medical field in the past two years.
While cyberattacks on health facilities have doubled in 2020, high-profile incidents such as the attack on hospital chain Universal Health Services and a major threat from groups using ransomware Ryuk. Experts were shocked by the scale of the attacks during the COVID-19 pandemic, which they say has been more aggressive in targeting hospitals than ever before.Unlike attacks on banks or schools, these attacks are common and can directly harm people.
Caleb Barlow, CEO of Cybersecurity consultancy CynergisTek, told The Verge last year: "It crosses a line that I don't think the entire cybersecurity community thinks will be crossed any time soon. ”
Armis' report surveyed 400 IT professionals in the healthcare industry and more than 2,000 people who could become patients at medical facilities across the United States. Although the number of people surveyed is small, the results show that the public is generally unaware of cyberattacks in the healthcare industry unless they are directly affected by them.
While 61 percent of potential patients surveyed had not heard of cyberattacks in the medical industry in recent years, about a third said they had been victims of cyberattacks on healthcare systems.
"Attacks on hospital systems are really not the most important until they directly affect you," said Oscar Miranda, Chief Technology Officer for Healthcare at Armis. ”
The report also points to a gap between people's perception of medical cyberattacks and their level of concern about the issue. About half of respondents said they would change hospitals in the event of a cyberattack, and more than 70 percent said they thought the attack would affect their treatment.
These concerns are justified: medical institutions say ransomware can delay a patient's surgery and may lead to longer hospital stays. An analysis by the U.S. Cybersecurity and Infrastructure Security Agency also showed that hospitals battling ransomware attacks reached the tipping point associated with excess deaths faster than those that did not.
Cybersecurity has never been a priority for medical institutions, many of which do not have the resources to invest in the sector. But the surge in ransomware attacks on hospitals over the past two years, coupled with new research showing a link between cyberattacks and health outcomes, is driving change in the group. In the Armis survey, three-and-a-thirds of IT experts said the steady pulse of news about ransomware attacks had led to more investment in cybersecurity.
"I believe we're making progress in finally really addressing ransomware," Miranda said. ”