As if physician attrition, nursing shortages, and a global sense of burnout isn’t enough to crumble an already exhausted healthcare industry, cybersecurity breaches have become an inescapable plague on the healthcare system. These breaches are now occurring not only more often, but also entail infractions of growing severity.
Last week, Chicago based CommonSpirit, the second largest non-profit hospital chain in the United States, reported a cyber-attack that forced the system to reschedule crucial appointments and even take certain IT systems offline till the appropriate response was mounted. As the hospital system entails more than 140 facilities across nearly 21 states, one can imagine the catastrophic cost both monetarily and in terms of patient efficiency caused by this breach.
CommonSpirit is certainly not the only institution that has faced this devastation in recent years. It joins the ranks of numerous other healthcare organizations that have encountered similar breaches, highlighting just how vulnerable the healthcare system is with regards to cybersecurity.
Rick Pollack, President and CEO of the American Hospital Association, wrote in a recent article: “The health care field continues to be a top target for cybercriminals. According to data from the Department of Health and Human Services (HHS), there has been an 84% increase in the number of data breaches against health care organizations from 2018-2021 […] The attacks have different goals and range in severity. In some cases, cybercriminals steal Social Security numbers and other personal data. Other breaches pose a direct threat to patient safety by shutting down or compromising medical equipment and systems that are critical to patient care.”
The government also recognizes this very serious threat. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology in the Biden Administration, has indicated that healthcare is one major focus area for the White House with regards to security infrastructure. Government and healthcare officials are also expecting new legislation within the coming months that will better strategize the way forward with regards to the healthcare security landscape.
The reason for all this concern? Though cybersecurity may cost the system billions of dollars in lost revenue or payouts, the more serious and ominous consequence is that it can very tangibly affect patient lives. If a cyber-attack renders a facility or healthcare organization inoperable, patients that require timely care may not be able to get it. Take for example the case of a German woman that was forced to reroute to a distant hospital and died from treatment delays, simply because the hospital closest to her was shutdown due to a ransomware attack.
Congruently, millions of people around the globe and in the United States already have poor access to healthcare. It is a well known fact that there is a significant shortage of healthcare providers, meaning that patients have to often wait weeks or months before they can see a physician. Therefore, when attacks akin to that faced by CommonSpirit occur and cause delays to patient care, it can lead to significant deterioration in the health conditions for millions of people and communities worldwide.
Indeed, cybersecurity breaches have significant repercussions, especially when they can very tangibly affect patient lives. Thus, undoubtedly, cybersecurity infrastructure must become a top priority for healthcare and government leaders.