Over recent months, increasing ransomware attacks and other cybersecurity threats in the health care field have underscored the critical need for hospitals and health systems to defend against malicious actors. Health care possesses a unique combination of highly targeted data sets that makes it a prime target by cyber adversaries.

Ransomware Impacts and Cyber Defense Challenges

During my testimony to the U.S. Senate in December 2020, I pointed out that a ransomware attack could interrupt patient care, or worse, shut down operations at the facility, thereby putting patient lives, and the community, at risk. Cybersecurity vulnerabilities and intrusions can also negatively affect a health care organization’s reputation.

Many hospitals and health systems recognize that they must view cybersecurity not as a novel or IT-only issue but rather as an enterprise risk — so they are striving to make cybersecurity part of their existing governance, risk management and business continuity framework as part of their efforts to elevate their vigilance against growing and more sophisticated cyberthreats. Yet, as they face dire workforce shortages and financial challenges exacerbated by the pandemic, enhancing their cyber defenses can be quite a struggle.

Call for Help

That is why in 2020 I called upon the Senate to expand public-private partnerships and cross-industry efforts to share threat information, and to step up to defend the nation’s hospitals and health systems from cyberattacks. After all, hospitals can only do so much on defense when foreign-based adversaries sheltered by hostile nation-states attack them. We also need a robust offense by the U.S. government to go after bad actors.

Administration Takes Action

For this reason, I commend the Biden Administration on its National Cybersecurity Strategy, announced March 2, 2023, which is aimed at shifting cyber defense responsibilities, improving cyber resilience and disrupting cyberthreat operations. The Strategy acknowledges that private sector efforts alone are insufficient to counter the significant cyberthreats we face as a nation.

We at the American Hospital Association (AHA) are pleased that the Strategy includes several important ideas we fully support, including:

  • Declaring ransomware attacks as a national security threat.
  • Conducting more offensive operations against cyberthreat actors.
  • Implementing software security requirements for software developers.

I am also proud of the FBI’s actions in defending hospitals and health systems from cyberattacks. Recently, for example, the FBI took down the Hive ransomware gang, whose criminal enterprise threatened patient safety. To hear the dramatic story, listen to my podcast interview with the FBI supervisor in charge of the Hive investigation.

The AHA Continues to Support Health Care Cybersecurity Efforts

The AHA will continue to work with the hospital field, Congress and the Administration, and other stakeholders to advance and adopt cyber policies that are streamlined, effective and feasible to implement.

And, as the AHA’s national advisor for cybersecurity and risk and a former FBI cyber executive, I want you to know that I provide a variety of cybersecurity offerings to advise and assist health care organizations like yours in mitigating the many cyber and physical risks you face. View the many places I’ve traveled over the past two years as part of my work with AHA members, hospital associations and government officials.

Plus, learn how the exclusive, highly vetted panel of service providers in our AHA Preferred Cybersecurity Provider (APCP) Program can help your organization prepare for, prevent and respond to today’s pressing cyberthreats.

Related News Articles

Headline
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…
Headline
The Cybersecurity and Infrastructure Security Agency Oct. 31 issued an alert on a large-scale spear-phishing campaign targeting organizations in several…
Headline
The Health Sector Cybersecurity Coordination Center on Oct. 28 released a report on the "Miracle Exploit," a set of critical vulnerabilities affecting Oracle…
Headline
A new AHA Cyber Intel blog by John Riggi, AHA’s national advisor on cybersecurity and risk, examines current trends and challenges in health care regarding…
Chairperson's File
Cyberattacks are increasing and expected to reach record numbers in the U.S. by the end of 2024. Although no field or industry is immune from attacks that…
Headline
A joint advisory issued Oct. 16 by the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and international agencies warn…