A recent cyberattack on Ascension, one of the largest healthcare systems in the United States, has caused significant disruptions to patient care at its hospitals. The attack has forced staff to resort to manual processes to complete tasks, leading to delays in treatment and highlighting the critical need for robust cybersecurity measures in healthcare organizations.
Impact of the Attack
A recent NPR article reports that the cyberattack has crippled many digital systems at Ascension hospitals. Staff are struggling to access electronic health records, schedule appointments, and process lab results. These disruptions can have serious consequences, causing delays in diagnoses and treatment, potentially impacting patient outcomes.
Challenges Faced by Staff
With digital systems down, healthcare workers are being forced to rely on manual workarounds. This significantly increases the time and effort required to complete even basic tasks. For example, nurses may have to handwrite patient records or track medications manually, taking precious time away from direct patient care.
Importance of Cybersecurity in Healthcare
The Ascension cyberattack serves as a stark reminder of the vulnerability of healthcare organizations to cyberattacks. Patient data is a highly lucrative for cybercriminals, and healthcare institutions must prioritize cybersecurity measures to protect this sensitive information.
A recent study by researchers at the University of Minnesota School of Public Health paints a concerning picture. The study, published in the Journal of the American Medical Association (JAMA) Health Forum, found that ransomware attacks on America’s health care systems more than doubled from 2016 to 2021. This alarming trend exposes the personal health information of millions of patients. Furthermore, this shows that these trends will only increase for healthcare providers.
The Urgent Need for Improved Cybersecurity
By taking the following steps, healthcare organizations can improve their cybersecurity posture and protect themselves from the devastating impacts of cyberattacks:
- Regularly update software and systems: Outdated software is a common target for attackers. Healthcare organizations should ensure that all their systems are up to date with the latest security patches.
- Implement strong password policies: Encourage staff to use strong passwords and change them regularly. Multi-factor authentication should also be used to add an extra layer of security alongside account monitoring. And investigate the implementation of phishing-resistant authentication methods.
- Train staff on cybersecurity threats: Educate staff on how to identify and avoid phishing attacks and other social engineering tactics.
- Have a data backup and recovery plan: In the event of a cyberattack, a robust data backup and recovery plan can help organizations restore their systems quickly and minimize downtime.
- Invest in advanced cybersecurity solutions: Healthcare organizations should consider investing in additional security measures like endpoint detection and response (EDR) systems and intrusion detection/prevention systems (IDS/IPS) to actively monitor and protect their networks.
The Ascension cyberattack is yet another wake-up call for the healthcare industry. Investing in robust cybersecurity measures is no longer optional; it is essential for protecting patient data, ensuring the continued delivery of high-quality care, and safeguarding the privacy of millions of patients.
https://jamanetwork.com/journals/jama-health-forum/fullarticle/2799961?