• About Us
  • Contact Us
  • Cookie policy (EU)
  • Home
  • Privacy Policy
  • Video
  • Write for us
Today Headline
  • HOME
  • NEWS
    • POLITICS
    • News for today
    • Borisov news
  • FINANCE
    • Business
    • Insurance
  • Video
  • TECHNOLOGY
  • ENTERPRISE
  • LIFESTYLE
    • TRAVEL
    • HEALTH
    • ENTERTAINMENT
  • AUTOMOTIVE
  • SPORTS
  • Travel and Tourism
  • HOME
  • NEWS
    • POLITICS
    • News for today
    • Borisov news
  • FINANCE
    • Business
    • Insurance
  • Video
  • TECHNOLOGY
  • ENTERPRISE
  • LIFESTYLE
    • TRAVEL
    • HEALTH
    • ENTERTAINMENT
  • AUTOMOTIVE
  • SPORTS
  • Travel and Tourism
No Result
View All Result
TodayHeadline
No Result
View All Result

Health systems want government help fighting off the hackers

June 22, 2022
in Health
0
0
SHARES
4
VIEWS
Share on FacebookShare on Twitter


Lee Milligan, chief information officer at Asante Health System in Oregon, said he is encouraged that President Joe Biden has taken steps to help secure the nation against cyber threats, but wants Washington to work more directly with health systems to shoulder the burden of the attacks.

“It blows my mind that ultimately, it’s on the individual hospital systems to attempt to — essentially in isolation — figure it out,” he said. “If a nation state has bombed bridges that connect over the Mississippi River and connect state A and B, would we be looking at it in the same way? And yet the same risk to life happens when they shut down a health system.”

The unrelenting rise in attacks jeopardizes patient safety and strains clinicians already worn out by the Covid-19 pandemic. In the worst case, hackers can shut down hospital operations and siphon off patient data.

Getting hacked is pricey: A 2021 cyberattack on the largest health system in San Diego, Scripps Health, cost $112.7 million. These costs put further pressure on health systems to raise the price of services, especially as they face a competitive labor market, pandemic losses and rising drug prices. And now, cyber insurers are limiting coverage and hiking premiums, further exposing health systems.

There have been various federal efforts to assist health systems with cyberattacks, through the Department of Health and Human Services, the Federal Bureau of Investigations and the Department of Homeland Security. However, not all health systems feel like these resources are enough.

“What I really wanted was for them to put into place an actual specific framework for a partnership between individual health systems and the government on either protecting or responding or preferably both,” Milligan said.

The costs

A doctor gets an email asking her to log into a portal to get a copy of her patient’s past medical records. The website the email links to is fake, a nefarious doppelganger mocked up by hackers. Unwittingly, the doctor has given up her log-in credentials for the real health record portal or downloaded a virus.

This is one of many scenarios health care CISOs are preparing for as health systems prepare for a federal October deadline to make electronic health records data shareable among hospital networks, which could lead to new lines of attacks from cyber criminals, they said, because it draws attention to new entry points for hackers.

Cyberattacks on health systems are on a steady rise, and their costs are mushrooming. Experts said there are a variety of reasons for the increase, including that criminals are getting more advanced and more aspects of health care are online.

When a cyberattack struck Sky Lakes Medical Center, a community hospital in southern Oregon, in late October 2020, its computers were down for three weeks. The most mundane tasks became arduous. Nurses had to check on critical patients every 15 minutes in case their vital signs changed. Doctors scribbled down their orders and the swelling mounds of paper took over whole rooms. In three weeks, the hospital ran through 60,000 sheets of paper.

Sky Lakes had to rebuild or replace 2,500 computers and clean its network to get back online. Even after it hired extra staff, it took six months to input all the paper records into the system. In total, John Gaede, Sky Lakes director of information services, says his organization spent $10 million — a big expense for a nonprofit with roughly $4.4 million in annual operating income (the organization did not pay a ransom).

For hospitals with limited budgets, there are questions about how well they can protect themselves. The attack on Sky Lakes was part of a wave of attacks in 2020 and 2021 connected to a criminal group in Eastern Europe.

“Our budgets typically have a margin of maybe 3 percent a year,” Gaede said, “but we’re supposed to compete with nation-state actors?”

Health data is lucrative on the black market, making hospitals a popular target. Plus, if a health system has ransomware insurance, criminals may think they’re guaranteed a payout. Ransomware ties up hospital records in encrypted files until a fee is paid.

“Back when ransoms were $50,000, it was cheaper to pay them than to deal with a lawsuit that would have cost far more,” says Omid Rahmani, associate director at Fitch Ratings, a credit rating agency, adding that ransoms now cost millions. “The landscape’s changed and because of that the cyber insurance side has changed — and that’s really connected to the rise of ransomware.”

In its annual cost of a data breach report, IBM writes the global average cost of an attack on a health system rose from about $7 million to over $9 million in 2021. But remediating these violations in the U.S. can be far more expensive. There isn’t comprehensive data on how much U.S. health care systems are spending on attacks, but a few high-profile cases shed some light:

  • A breach of Universal Health Services, which serves 3.5 million patients, cost $67 million.
  • The University of Vermont, an academic medical facility with roughly 168,000 annual patients, spent $54 million to recover from an attack in 2020.
  • Scripps Health, which treats 700,000 patients annually, lost $112.7 million.

Health systems are only partially recouping these costs. Scripps received $35 million from its insurers, according to a quarterly financial disclosure — about 30 percent of the actual cost. The University of Vermont collected $30 million from its insurer, while United Health Services received $26 million.

“What I’m seeing is that the cost to remediate after a high-impact cyberattack — whether it’s a large theft of data or disruptive ransomware attack — is easily five times to ten times their insurance coverage, whether you’re a small hospital or large,” said John Riggi, senior adviser on security at the American Hospital Association.

The delta between the cost of a cyberattack and what insurers will pay out is likely to grow. Last year, amid a deluge of claims, Reuters reported that cyber insurers were both pulling back on maximum reimbursement rates and the kinds of attacks they cover. In November, Lloyd’s of London, a major cyber insurance provider, announced it would not cover cyber warfare, or cyberattacks made on behalf of a nation state. Premiums are going up in kind.

“I can’t stress enough, all those costs I’m referring to here are paid for by all of us,” says Brad Ellis, head of Fitch Ratings’ U.S. Health Insurance Group. “[Health systems] are paid by the insurance companies and we all pay the premiums which have gone up by a lot. And they continue to go up.”

The government’s role

A big question is to what degree government agencies should protect organizations deemed critical infrastructure. Two agencies — Cybersecurity and Infrastructure Security Agency and the Health Sector Cybersecurity Coordination Center under the Department of Health and Human Services — provide information about attacks and how to build infrastructure to fend them off. CISA and the FBI also have incident response teams.

Eric Goldstein, executive assistant director for cybersecurity at CISA, said the government needs better visibility into how many attacks are taking place and where. “It bears noting that a significant portion of cybersecurity intrusions are not reported to the government,” he said.

Health systems are required to report data exposures that affect more than 500 people to the Office of Civil Rights. But if health data doesn’t get out, health systems don’t have to report.

But that is poised to change. Last spring, Biden signed an executive order on improving the nation’s cybersecurity that Goldstein calls “the most operationally impactful cybersecurity Executive Order ever,” signaling an increased investment in cyber security.

“It sets forth really a sea change in how the federal government manages its own cybersecurity,” he says.

The Biden administration also convened a meeting last week with several health care executives and relevant senior government officials to discuss cybersecurity threats and the challenge of securing smaller health systems.

In May, Senate Homeland Security and Governmental Affairs Chair Gary Peters (D-Mich.) released a report showing the government had insufficient data on cyberattacks hitting critical infrastructure, like health care facilities, to effectively protect the nation against such strikes. Peters is also behind the Cyber Incident Reporting Act, a recently passed law that has tight deadlines for reporting significant cyberattacks and ransomware payments to CISA (the rule also gives CISA the power to subpoena anyone who doesn’t make these deadlines).

In turn, CISA will design a warning system to alert potential targets to common exploits and set up a ransomware taskforce to prevent and disrupt attacks. The taskforce must be set up by roughly March of next year, while the ransomware vulnerability warning pilot has a year to get off the ground.

Goldstein acknowledges that the government may not be actively defending every health system from a cyberattack. But, he notes that CISA erected the Joint Cyber Defense Collaborative last year to work with telecom companies and cloud providers on securing their infrastructure, and health systems, which use these networks, stand to benefit by proxy.

“Cybersecurity is now, maybe for the first time, a board of directors and C-suite issue at organizations across the country,” he said, adding that this level of attention and spending is ultimately what will help counter the threat.

Previous Post

Amid the drought, tear out your lawn and use recycled water

Next Post

World’s first successful transmission of 1 petabit per second in a standard cladding diameter multi-core fiber

Related Posts

Health

Substantial discrepancies found between estimated and measured GFR

A cross sectional study found...

Read more
Beer of the Week: Best Beers You Should Be Drinking Now
Health

Beer of the Week: Best Beers You Should Be Drinking Now

If you love beer, you’re...

Read more
Mississippi’s governor: Full speed ahead with new abortion restrictions
Health

Mississippi’s governor: Full speed ahead with new abortion restrictions

“We have to prove that...

Read more
Lung disease sufferers may be offered first ever treatment thanks to daily pill
Health

Lung disease sufferers may be offered first ever treatment thanks to daily pill

Lung disease sufferers with severe...

Read more
Health

Pre-TBI headache affects diagnosis of posttraumatic headache

Individuals with headache before traumatic...

Read more
Load More
Next Post

World's first successful transmission of 1 petabit per second in a standard cladding diameter multi-core fiber

  • Trending
  • Comments
  • Latest
Dog Waited Seven Days At Side Of Road Because His Owner Said ‘Stay’

Dog Waited Seven Days At Side Of Road Because His Owner Said ‘Stay’

Josh Duggar’s Daily Life In Prison Will Be VERY Closely Supervised – Here’s How

Josh Duggar’s Daily Life In Prison Will Be VERY Closely Supervised – Here’s How

I’m a recent widow. I’m building a house on my son’s and daughter-in-law’s land. Do I have legal ownership? What if they decide to sell, divorce, or die before me?

I’m a recent widow. I’m building a house on my son’s and daughter-in-law’s land. Do I have legal ownership? What if they decide to sell, divorce, or die before me?

Classic Macaroni Salad (quick and creamy)

Classic Macaroni Salad (quick and creamy)

Amber Heard Demands a Retrial: The Evidence Was BS! And That Juror Was a Phony!

Amber Heard Demands a Retrial: The Evidence Was BS! And That Juror Was a Phony!

From the Screen to Short-Term Rentals and How “Stargirl” Started Investing

From the Screen to Short-Term Rentals and How “Stargirl” Started Investing

Teaching Personal Finance On eLearning Platforms

Teaching Personal Finance On eLearning Platforms

My ADHD Hyperfixations: Pressure Washing Obsession

My ADHD Hyperfixations: Pressure Washing Obsession

About Us

Todayheadline the independent news and topics discovery
A home-grown and independent news and topic aggregation . displays breaking news linking to news websites all around the world.

Follow Us

Latest News

Amber Heard Demands a Retrial: The Evidence Was BS! And That Juror Was a Phony!

Amber Heard Demands a Retrial: The Evidence Was BS! And That Juror Was a Phony!

From the Screen to Short-Term Rentals and How “Stargirl” Started Investing

From the Screen to Short-Term Rentals and How “Stargirl” Started Investing

Amber Heard Demands a Retrial: The Evidence Was BS! And That Juror Was a Phony!

Amber Heard Demands a Retrial: The Evidence Was BS! And That Juror Was a Phony!

From the Screen to Short-Term Rentals and How “Stargirl” Started Investing

From the Screen to Short-Term Rentals and How “Stargirl” Started Investing

Teaching Personal Finance On eLearning Platforms

Teaching Personal Finance On eLearning Platforms

  • Real Estate
  • Education
  • Parenting
  • Cooking
  • NFL Games On TV Today
  • Travel and Tourism
  • Home & Garden
  • Pets
  • Privacy & Policy
  • Contact
  • About

© 2021 All rights are reserved Todayheadline

No Result
View All Result
  • Real Estate
  • Education
  • Parenting
  • Cooking
  • NFL Games On TV Today
  • Travel and Tourism
  • Home & Garden
  • Pets
  • Privacy & Policy
  • Contact
  • About

© 2021 All rights are reserved Todayheadline

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Posting....