The level of successful cyberattacks on hospitals has shocked many over the past few weeks. United Health Services’ computer network including patient and clinical data and laboratory systems was taken down, with the organization struggling for days to digitally recover its 400 hospitals. Similarly, Ashtabula County Medical Center in Ohio was taken offline for days and the organization had to postpone elective procedures. Most tragically, a German woman became the first-known person to die at the hands of cyberattack after hackers targeted her hospital with ransomware. The depths of cybercrime are undoubtedly reaching new lows and the threat to patient safety is growing exponentially higher as the line between digital and physical attacks blurs.
Amidst this flurry of high-profile attacks comes National Cyber Security Awareness Month; a poignant reminder that, for hospitals and healthcare providers, cyberattack prevention and business continuity is truly a matter of life and death. Over the course of the pandemic, we have seen ransomware and phishing attacks against healthcare institutions — viewed by cybercriminals as vulnerable and profitable targets — dramatically skyrocket. The trend is only expected to continue, and it is clear that healthcare providers cannot wait to reevaluate their cybersecurity practices and infrastructure at a less burdensome time. But where, in an ever-evolving threat landscape, should healthcare organizations focus their attention?