Lurie Children's Hospital back to pen and paper after cyberattack

Targeting a hospital - how low can people get?

"During El Reg's investigation, we were pointed to a December concept paper from the US Department of Health and Human Services' (HHS) cybersecurity strategy. [The paper] included proposals for enforcing new standards that if met, would offer financial support and incentives for hospitals."

Unfortunately the four substantive pages of the HHS paper are so 'high level' that they provide no warranty of effective results. What's actually needed is not yet more policy but sufficient local resourcing and expertise to render the targets of attack maximally robust and resilient. As was proven by NotPetya in the UK, health services are typically wide open targets because they are not informed or equipped enough to address the threats realistically.

Cyber Attacks in Healthcare Call For Cyber Security Improvements

With cyber attacks compromising sensitive patient information in US hospitals, it's evident that a reassessment of how prescriptions and health insurance claims are processed is long overdue. It's astonishing that despite advancements in technology and public awareness campaigns advocating for privacy settings on social profiles and caution against sharing personal information online, patient data such as date of birth, home address, telephone number, and in some cases, social security numbers or Medicaid/Medicare numbers, suffice for accessing and processing prescriptions and insurance claims.

There's an urgent need for a better patient identification system that doesn't rely on such vulnerable personal information. Perhaps technologies that identify patients by their voice or face could be explored, although it's worth noting that even AI programs can clone voices and faces. The most effective solution lies in hospitals enhancing their cybersecurity measures.

It's disheartening that it takes the threat of losing federal funding for hospitals to prioritize cybersecurity standards. Hospitals must not only prioritize patient health but also safeguard their personal data from cyber attacks.

In conclusion, it's imperative for hospitals, health clinics, and pharmacies to prioritize the implementation of robust cybersecurity measures to protect patient information. This isn't just about complying with regulations but about demonstrating a genuine commitment to patient welfare and data security in an increasingly digital age.