Cyberattack hits US hospitals, disrupts emergency services

The White House monitoring the situation

As per an Associated Press report, the White House said it was monitoring the situation and offered federal assistance to the company. Adrienne Watson, a spokesperson for the National Security Council, said in a statement that “the Department of Health and Human Services has been in contact with the company to offer federal assistance, and we are ready to provide support as needed to prevent any disruption to patient care as a result of this incident.”

The FBI in Connecticut said it was working with law enforcement partners and the victim entities, but did not provide any details about the nature or motive of the attack.

John Riggi, the American Hospital Association’s national advisory for cybersecurity and risk, said the recovery process from such attacks can take weeks, and that hospitals have to rely on paper systems and human intervention to keep functioning.

“These are threat-to-life crimes, which risk not only the safety of the patients within the hospital but also risk the safety of the entire community that depends on the availability of that emergency department to be there,” Riggi said.

He also said that paying ransoms to the attackers is not advisable, as it encourages more attacks and does not guarantee the safety of the stolen data.

Critical impact on the medical infrastructure

The cyberattack had a significant impact on health services in several states. In Connecticut, two hospitals had to close their emergency departments for most of Thursday and send patients to other nearby medical centers. Elective surgeries, outpatient appointments, blood drives, and other services were also suspended at many facilities. The emergency departments reopened late Thursday, but many primary care services remained closed on Friday.

The attack disrupted services at various other facilities nationwide. For example, in Pennsylvania, four facilities suffered from the attack, such as the Crozer-Chester Medical Center in Upland and the Springfield Hospital in Springfield. In California, the company operates seven hospitals in Los Angeles and Orange counties, which include a 130-bed acute care hospital in Los Angeles and two behavioral health facilities.

The company said it was contacting patients individually to inform them about the status of their appointments and services. It also apologized for any inconvenience caused by the cyberattack.

Data breaches in healthcare industry

According to IBM’s annual report on data breaches, the healthcare industry was the hardest hit by cyberattacks in the year ending in March. For the 13th straight year, it reported the most expensive breaches, averaging $11 million each. Next was the financial sector at $5.9 million.

Sensitive patient data, such as healthcare histories, payment information, and even critical research data, make healthcare providers attractive targets for criminal extortionists, Riggi said.

According to Riggi, who is also a former cybersecurity specialist with the FBI, hospitals have been trying to improve their security and backup systems to avoid and deal with such attacks. But he said it is very hard to make them totally secure because they need to use the Internet and network-connected technologies to exchange patient information among clinicians involved in a patient’s care.