Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital, and that the U.S. government is doing too little to prevent such breaches.
Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records. Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage for hefty ransoms, said John Riggi, the American Hospital Association’s cybersecurity adviser.
“Unfortunately, the unintended consequence of the use of all this network and internet connected technology is it expanded our digital attack surface,” Riggi said. “So, many more opportunities for bad guys to penetrate our networks.”
The assailants often operate from American adversaries such as Russia, North Korea and Iran, where they enjoy big payouts from their victims and face little prospect of ever being punished.
Wow, making a life necessity a profit center means cutting as many corners as possible and ultimately makes things worse for people who have no choice but to use their service? Who could have predicted such tragedy?
It's the bad guys' fault hospitals run on MS-DOS and a prayer? Maybe a little.
Hospital infosec tends to be a joke. They have nice access controls inside the hospital, locking up meds behind badged vending machines and the like, but when it comes to infosec they comply with the bare minimum HIPAA says and that's it.
Medical field is a prime target for ransomware and other hacks because of this.
I see nothing has changed in the 20y since I did healthcare infosec.
Often the expensive imaging and scanning machines have an embedded Windows OS that gets past its viability as far as sec goes, way before the machine itself is past usable. The machines in question are of course very expensive and upgrading the embedded OS is not usually an option. The manufacturers have a profit motive too and paying their devs to write updates doesn’t cut it. The answer, as always, is ofc regulate and standardize. But then again, where’s the money in that? And so it goes.