Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital, and that the U.S. government is doing too little prevent such breaches.
Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records. Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage for hefty ransoms, said John Riggi, the American Hospital Association’s cybersecurity adviser.
“Unfortunately, the unintended consequence of the use of all this network and internet connected technology is it expanded our digital attack surface,” Riggi said. “So, many more opportunities for bad guys to penetrate our networks.”
The assailants often operate from American adversaries such as Russia, North Korea and Iran, where they enjoy big payouts from their victims and face little prospect of ever being punished.
Its the bad guys faults hospitals run on MSDOS and a prayer? Maybe a little.
Hospital infosec tends to be a joke. They have nice access controls inside the hospital, locking up meds behind badged vending machines and the like, but when it comes to infosec they comply with the bare minimum HIPAA says and thats it.
Medical field is a prime target for ransomware and other hacks because of this.
I see nothing has changed in the 20y since I did healthcare infosec.