The healthcare sector faces a significant increase in cybersecurity threats putting patients’ lives and personal data at risk. Last week U.S. senators heard warnings from healthcare industry experts on the importance of cybersecurity in the healthcare industry.
On Thursday, March 16 witnesses testified in front of the Senate Homeland Security and Governmental Affairs Committee highlighting the severity of cyberattacks on healthcare systems and how they can affect patient care as well as compromise sensitive medical information, and they are a threat that seems to be growing. Recent reports have shown ransomware attacks on American hospitals have doubled since 2016.
“Healthcare is a rapidly growing sector of our economy that employs more than 18 million workers, and is made up of both public and private sector organizations related to patient services, medical devices and manufacturers, and electronic health and medical records, that store considerable amounts of personal information, making them frequent targets of attacks,” Sen. Gary Peters (D-Mich.) said in his opening statement. Peters chairs the committee. “Cyberattacks on hospitals, and other healthcare providers, can cause serious disruptions to their operations, and prevent them from effectively providing critical, lifesaving care to their patients. Breaches can also lead to the exposure of sensitive personal and medical information of patients and health care personnel.”
A provision authored by Sen. Peters and Sen. Rob Portman (R-Ohio) to enhance the country’s ability to combat cybersecurity threats against critical infrastructure was recently signed into law as a part of the government funding legislation. The provision requires critical infrastructure owners and operators to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours if they are experiencing a substantial cyberattack and within 24 hours of making a ransomware payment.
“This law will help ensure that government is able to better track cybersecurity threats to our critical infrastructure, provide more transparency and situational awareness for our cybersecurity defenses, and enable CISA to warn potential victims of ongoing attacks, so they know if they could be a target next,” Peters said during the hearing.
Last week’s hearing also highlighted why rural healthcare providers are especially vulnerable to attacks. In her testimony, Kate Pierce of Fortified Health Security, mentioned budget constraints and lack of cybersecurity staffing as some challenges.
“Smaller facilities, from my experiences, most of them have no staff that are directly assigned to cyber or they have very limited staff in that area,” Pierce said.