Cybersecurity alarm bells have been ringing loudly in the healthcare industry this month. The FBI warned healthcare facilities that medical devices (like patient monitors or infusion pumps) often run on outdated software that could be vulnerable to hacks. OakBend Medical Center in Texas was hit with a major ransomware attack from a gang that says it stole 1 million patient records. A report showed that patients at hospitals dealing with cyberattacks are more likely to die.
The series of warnings come with a growing awareness of just how dangerous cybersecurity holes in healthcare can be. Healthcare organizations are more and more dependent on internet-connected devices to do things like track patient records and deliver medications. And they’re increasingly a target for ransomware attacks, which can steal data and shut down the systems they use to deliver care.
Experts spent years frustrated that hospitals weren’t taking cybersecurity seriously. But over the course of the COVID-19 pandemic, that tide started to shift. With its warning this week, the FBI joins Congress in taking medical device vulnerabilities seriously — earlier this summer, senators proposed legislation that would require the Food and Drug Administration to put out more regular guidelines around medical device cybersecurity. The FDA asked for more power to make rules around cybersecurity, as well.
There’s also more awareness around the ways cyberattacks can hurt patients, which many people in healthcare had been reluctant to acknowledge. A cyberattack at the University of Vermont Health Network during the pandemic gave researchers an opportunity to show clearly that these disruptions degrade patient care. Last year, a survey found that over two-thirds of healthcare organizations hit by ransomware had longer hospital stays for patients and delays in procedures during the attacks. In the new report from a think tank in Washington, DC, a quarter of organizations dealing with ransomware said they had higher mortality rates.
Incidents like the hack on the OakBend Medical Center are so common these days that they barely register on the national news barometer. Most people don’t realize that they’re happening so regularly — or that they’re so dangerous. But with things like congressional action and FBI warnings picking up steam, experts are hopeful that cybersecurity is finally starting to become a priority. “I do believe we’re making strides in finally actually addressing ransomware,” Oscar Miranda, chief technology officer for healthcare at cybersecurity company Armis, told The Verge last year.