Is your hospital ready for 3-4 weeks of downtime?

At the HIMSS Healthcare Cybersecurity Forum, AHA cyber risk advisor John Riggi said health systems need to prepare now for clinical and operational contingencies as high-impact ransomware attacks increase.

John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, opened the 2023 HIMSS Healthcare Cybersecurity Forum with a compelling discussion on the urgent need for local and regional preparedness in the face of escalating healthcare cyberattacks. He highlighted the alarming rise in high-impact ransomware attacks on hospitals and health systems, emphasizing the significant patient safety risks posed by cyberattacks.

Riggi stressed that cybersecurity challenges are no longer abstract but have become a critical concern affecting patient well-being. He called for a shift from a purely defensive approach to a more proactive stance by both the healthcare industry and the U.S. government.

Key points from his presentation include:

Ransomware Epidemic: Riggi expressed deep concern about the increasing incidence of ransomware attacks targeting hospitals. He noted that these attacks have disrupted hospital operations and hindered patient care, with some attacks now deemed as severe as terrorist attacks.

Scope of the Threat: Riggi discussed the breadth of the current threat landscape, with cybercriminals stealing patient data and causing massive disruptions. He highlighted the involvement of nation-state-affiliated groups from countries like Russia, China, North Korea, and Iran, often in collusion with their respective government agencies.

Data Breach Projection: Riggi cited data from the U.S. Department of Health and Human Services Office for Civil Rights, indicating a significant rise in data breaches affecting millions of individuals. He projected that up to 100 million individuals could be impacted by cyber data breaches in the current year.

Data Vulnerabilities: Most patient data is stolen from hospital servers and email systems, not electronic health records (EHRs). Riggi emphasized that unencrypted data lying outside EHRs poses a significant risk.

Speed of Attacks: Cyber attackers are often faster at deploying malware than organizations are at applying patches. Riggi underscored the need for quicker responses and proactive cybersecurity measures.

Extortion of Patients: Riggi highlighted a disturbing trend where cybercriminals are extorting individual patients for ransom, emphasizing the evolving nature of cyber threats in the healthcare sector.

Impact on Patient Care: Major IT system disruptions can halt the delivery of patient care for several weeks. This is particularly concerning in regions where the nearest Level 1 trauma center may be far away, posing risks to patient safety and public health.

Business Continuity Planning: Riggi called for robust emergency management planning, both locally and regionally, and urged healthcare organizations to consider clinical continuity during cyberattacks. He emphasized the importance of identifying what technology is relied upon and assessing external impacts on clinics and labs.

Three Key Questions: Riggi recommended asking three fundamental questions during a high-impact ransomware attack: What will work? What won't work? What's the plan? He also advised having downtime coaches and safety officers for each department to manage such crises effectively.

In summary, John Riggi's presentation highlighted the critical need for healthcare organizations to adopt a proactive approach to cybersecurity, emphasizing preparedness, response, and recovery strategies to safeguard patient care in the face of evolving cyber threats.

Read on healthcareitnews.com