Computer systems at two of America’s top major health care firms were the target of recent ransomware attacks. This monumental attack caused the entire country’s healthcare system exposed and patients left without important medical care.
Cybersecurity wise, the healthcare industry is severely lacking and is said to not be as up to date as it should be. It showed heavily in these ransomware attacks that left many helpless. This ranges from some pharmacies not being able to process the insurance information of patients, to many ambulances having to be moved to different hospitals as a result of many computer systems being out of commision.Chaos then ensued as hospitals struggled to sort through and organize paper files of patients that were in need of care as online records were not accessable.
Cyber attacks on health care firms is nothing new to the country, however not much is done to prevent more attacks. According to the cybersecurity firm Emsisoft, there were 46 hospitals systems that were targeted by attacks last year. This year alone, almost one third of Americans had their own personal data compromised as a result of hackers breaking into a poorly secured server that was being put to use by a large healthcare company called Change Healthcare.
Because of these unfortunate events, the Biden administration has decided to issue a new set of cybersecurity requirements for all hospitals in the US. However, the American Hospital Association disagrees and plans to reject the proposal. According to CNN, “ the American Hospital Association, which represents hospitals across the United States, opposes the proposal, saying it would effectively re-victimize victims of cyberattacks by imposing penalties after they are hacked.” On the other hand, the Department of Health and Human Services stated that they are okay with places fines on firms that do not work to meet said standards or requirements. This will work to encourage firms to make their cybersecurity systems less vulnerable to these horrific attacks.
So, why are these large healthcare companies skimping out on very important security measures? In 2023, UnitedHealth Group reported 372 billion dollars in revenue. There is no question whether the budget allows for increased security or not, it is a matter of whether or not these companies want to put the effort in. The unfortunate truth is that because these firms do not wish to improve themselves, the American people are the ones paying for these crimes.