Ransomware attacks against the healthcare sector put lives at risk — and they’re getting worse. But federal authorities are providing free cybersecurity resources to foster systemwide change.
August 09, 2024 • Jule Pattison-Gordon
Read the full article in Government Technology here:
Until recently, ransomware attacks against health-care providers seemed largely the result of indiscriminate, mass phishing attacks in which perpetrators hit any organizations they could, said Health-ISAC Chief Security Officer Errol Weiss.But recent attacks on OneBlood, Synnovis and Octapharma indicate hackers are specifically targeting major health-care suppliers to cause widespread disruptions that increase pressures to pay.
And Weiss’ Health-ISAC shares alerts and advisories with its global membership.
Collaborations help but may have limits. Skapiksaid many health centers get some technical assistance from health center-controlled networks, but those often support dozens of health centers, all of which may have different versions of software. Vendors often charge hefty fees to update software, and they prioritize larger clients over small health centers, she said. Weiss said a grant-funded virtual CISO program could help launch cybersecurity programs that internal IT teams could then maintain. In this vision, one cyber professional would assist up to a dozen providers each year. Skapik said health centers would benefit from help applying for cyber insurance, a process that requires them to attain a minimum cyber posture, which can be costly for small entities.
