Written by Sean Lyngaas
A pair of healthcare organization hacks revealed in recent days highlight the lingering cybercrime threat to the industry as the United States moves forward in the fight against the coronavirus pandemic.
Scripps Health, a San Diego-based nonprofit with five hospital campuses, said on May 2 it had suspended access to computer applications that support its healthcare facilities following an “incident of security”. The incident forced Scripps to reschedule some patient appointments for Saturday and Monday, but “patient care continues to be delivered safely and efficiently at our facilities,” the association said in a statement on his Facebook page. (The Scripps website was still down as of press time Tuesday morning.)
Meanwhile, Midwest Transplant Network, a Kansas-based organization that connects organ donors with recipients, said it was working to determine whether patients’ personal health data had been affected by a recent breach. NPR affiliate KCUR reported that some 17,000 people were affected by the apparent ransomware attack on the organ transplant organization in which the authors obtained information on the health of donors and recipients. of deceased organs.
“There is no evidence that the exfiltrated data has been misused or distributed by cybercriminals,” Midwest Transplant Network said in a statement.
Both incidents highlight how, more than a year after the start of a pandemic that claimed the lives of more than 3 million people around the world, cybercriminals are still disrupting the networks of healthcare organizations of varying sizes. In the first week of December 2020, there were nearly double the number of publicly reported ransomware attacks against healthcare providers compared to all of 2019, according to threat intelligence firm Recorded Future.
The series of hacks have prompted cybersecurity professionals around the world to volunteer their time in an attempt to protect healthcare providers. While these volunteers were successful in alerting many organizations to the vulnerabilities, ransomware gangs continued to target the healthcare industry, culminating in a wave of intrusions into U.S. hospital networks in October.
“Widespread cyber vulnerabilities in healthcare are creating potentially lucrative targets for ransom-seeking malicious actors, leading to a significant increase in attacks against healthcare facilities,” says a report released last month by Ransomware Task Force, a collaboration of government and industry experts. . The task force recommended that U.S. prosecutors prioritize and seek tougher penalties for ransomware cases that threaten public health and safety.