Cyberattacks growing on hospitals, healthcare agencies
HOUSTON - Closed emergency rooms, ambulances having to be diverted, and canceled appointments – those are some of the effects of cyberattacks on some hospitals around the country this month, and the problem is getting worse.
In Texas, American National Group, CentroMed TX, and Harris Health System were also just recently hit by cyberattacks, among the 70 hospitals and healthcare entities breached in the state in the last two years, according to the U.S. Department of Health and Human Services Office of Civil Rights.
Experts say these cyber-attacks are growing and putting your security at risk.
A ransomware attack this month hit hospitals and medical facilities at Prospect Medical Holdings sites in Connecticut, Pennsylvania, Rhode Island, and Texas.
"It appears data was stolen from the organization, and they were locked out of their system which led to emergency rooms not being able to accept patients, and ambulances being diverted," said Chris Nottingham with Check Point Software.
Cyberattacks on hospitals and healthcare agencies have been rising. HHS Office of Civil Rights reports show 295 in just the first half of this year.
A recent IBM report found the average cost to a hospital hit by a cyberattack is $11 million.
Hackers go after hospitals the most, according to a report by cyber security experts at Lumu, because their top priority is to protect patient care.
"The sense of urgency for these healthcare systems to want to react and pay quickly when they’re attacked by these organizations is higher, and they have a bigger attack surface," said Nottingham.
SUGGESTED: More parents unknowingly buying counterfeit child car seats
That bigger attack surface usually includes having multiple facilities with large staffs using computers, and electronic medical records and equipment.
"When you go into the hospital, that blood pressure monitor is connected to the internet, is connected to the network. The oxygen monitor is connected also to the network," explained Ricardo Villadiego, CEO of Lumu.
But the Texas Hospital Association says most of these attacks happen through phishing, malware, and ransomware.
"The bulk of them are not compromised because of a medical device being exploited," said Dr. Fernando Martinez, Chief Strategy Officer with the Texas Hospital Association.
SUGGESTED: How to protect your home and furniture from flood damage
"They’re exploited either through emails that have an attachment that compromises the machine, the network of the individual, or the perimeter, the computer environment, or the network for these organizations is not secure," said Martinez.
So should we, as patients, be concerned?
"Anything is possible, but I think going into hospitals is an extremely secure activity and hospitals are very well-versed in what the risk environment is and how to prepare for it," said Martinez.
Cybersecurity experts say whether you've recently been a patient or not, check any explanation of benefits you receive to make sure no one else is filing claims against your insurance.
They advise you to check your credit reports and bank statements regularly for any suspicious activity. And be sure to use two-factor authentication and different passwords for all of your digital accounts.