Healthcare facilities are facing cyber security threats as Ascension, a health care system with over 140 hospitals in 19 states and Washington, D.C., reported a “cyber security event” on Wednesday. The event has caused disruptions to clinical operations within the company, leading to major impacts on medical services in several states, such as Kansas, Florida, and Michigan. Patients have been diverted to other hospitals and there has been a lack of access to digital records due to this disruption.
Physicians in Michigan have revealed that they are now required to write everything on paper due to the cyber security event. This situation has taken the medical facilities back to the technology levels of the 1980s or 1990s. This attack comes at a time when lawmakers and federal regulators are still dealing with the aftermath of the February attack on Change Healthcare. Change Healthcare admitted to paying $22 million to the ALPHV ransomware group, which then shut down its site. An affiliate who was allegedly involved in the attack took 4 terabytes of data to another extortion site after being cut out of the proceeds.
The situation with Change Healthcare has reignited the conversation around establishing minimum cybersecurity standards for the hospital industry. Industry groups have expressed their commitment to fighting against the implementation of such standards. However, healthcare remains one of the most targeted sectors by ransomware operators because disruptions to medical services are intolerable for long periods and operators might be more inclined to pay extortions as indicated by cybersecurity firm Emsisoft. This highlights how important it is for healthcare providers and organizations