A cybersecurity expert said that the ransomware attacks on Change Healthcare and St. Louis-based Ascension has highlighted the healthcare industry’s cybersecurity weakness, CNN reported May 15.
“U.S healthcare is in a death spiral,” Joshua Corman, who co-founded I am the Cavalry, a volunteer group that focuses on cybersecurity for resource-poor organizations in the health sector, told the publication. “Distressed hospitals get acquired into too-big-to-fail conglomerates. Ransoms cause distress for the little ones, and multi-week, multi-state outages for the ones ‘saved’ by the big ones.”
According to a report by cybersecurity firm Emsisoft, ransomware attacks on U.S. hospitals and health systems saw an increase in 2023, impacting 46 health systems and comprising 141 hospitals. This is an increase from the 25 health systems affected in 2022.
The severity of these attacks, according to CNN, was highlighted by the February cyberattack on Change Healthcare and the May ransomware attack on Ascension.
In response to these escalating cybersecurity attacks in the healthcare industry, the Biden administration is looking to introduce minimum cybersecurity standards for U.S. hospitals.
Anne Neuberger, deputy national security advisor for cyber and emerging technology, confirmed the forthcoming regulations, although specifics are yet to be finalized. However, the proposal has encountered resistance from the American Hospital Association, which argues that penalizing hospitals post-attack would only exacerbate the challenges faced by victims of cybercrime.