Info@NationalCyberSecurity
Info@NationalCyberSecurity
0

Ransomware attacks in health care system should be a national emergency | #ransomware | #cybercrime


I hate standing in lines, and most Americans feel the same way. But I especially hate it at the pharmacy. What was once a minor annoyance has morphed into a different type of dread: the uncertainty about what will happen when you finally reach the front.

On Feb. 21, Change Healthcare, an important but not often talked about medical payment processing company, was the victim of a ransomware attack. Change Healthcare is one of the nation’s largest health care companies, processing 15 billion transactions annually, touching one in three U.S. patient records. The attack has had a catastrophic impact on hospitals and pharmacies, making it harder for them to process payments and insurance claims.

With Change Healthcare advising that their systems may not be fully restored for weeks, it is time for the Biden administration to declare not just this attack but all ransomware as causing a public health emergency. We should all be concerned about the impact of the Change Healthcare cyberattack on our health. Multiple stories have been told about Americans struggling to get lifesaving medicine because of the inability of pharmacies to access their insurance or discount accounts. Other patients are facing delays in scheduling appointments with their doctors. In recent days, doctors have even expressed fears that they may no longer be able to treat patients because they can’t pay their staff, and some hospitals may be forced to shut their doors.

But Change Healthcare is only the most recent victim of ransomware. Last year, 46 hospital systems were hit with ransomware attacks that impacted at least 141 hospitals. These attacks are having a growing impact on patients. Late last year, Ardent Health, which operates hospitals in Oklahoma, Texas and New Mexico, was forced to shut down some emergency rooms following a ransomware attack and diverted ambulances to nearby hospitals. In Illinois, St. Margaret’s Health in Spring Valley announced in June that it was closing. One of the reasons cited for the closure was a 2021 ransomware attack that interfered with the hospital’s ability to submit claims to insurance companies and led to financial issues.

A study by Proofpoint and the Ponemon Institute found that 21% of hospitals surveyed reported that ransomware attacks increased patient mortality rates. It is clear that ransomware is a health care problem, and we should treat it like one.

Xavier Becerra, the Department of Health and Human Services secretary, has the power to declare public health emergencies. What immediately comes to mind when discussing public health crises are significant events like the COVID-19 pandemic, the monkeypox outbreak, and the 2009 H1N1 flu, which were all declared public health emergencies. However, the most recent declarations by HHS involve natural disasters like typhoons, wildfires, hurricanes, and tornadoes that have caused a detrimental impact on the health of the public. Like these natural disasters, the ransomware epidemic targeting the U.S. health care system has created a public health emergency.

By declaring a public health emergency, HHS can provide grants to hospitals and clinics impacted by ransomware and modify Medicare and Medicare rules to reimburse doctors for services, relieving one of the current pain points for hospitals. However, the focus should be on more than just providing money; it should be giving hospitals and clinics a resource that is often harder to find: actual cybersecurity personnel and expertise.

While the U.S. faces a cybersecurity workforce shortage, the problem is most acute in health care, with ISC2, a nonprofit specializing in cybersecurity, finding that 74% of health care entities surveyed face a cyber staffing shortage. Along with funding, by declaring a public health emergency, HHS is also authorized to provide access to supplies, equipment and, most importantly, experts to help address ransomware.

While the Biden administration is investigating the Change Healthcare cyberattack, Americans shouldn’t have to wait in line for a solution to ransomware.

Anthony J. Hendricks is an attorney who advises clients on cybersecurity issues as the chair of Crowe & Dunlevy’s Cybersecurity and Data Privacy practice group. He also hosts the cybersecurity and data privacy podcast “Nothing About You Says Computer Technology.”

We welcome your thoughts in a letter to the editor. See the guidelines and submit your letter here. If you have problems with the form, you can submit via email at [email protected]



Source link

.........................

National Cyber Security

FREE
VIEW