Cybersecurity is Patient Safety: What the Ransomware Attack on Change Healthcare Should Teach the Industry
The recent cyberattack on Change Healthcare, attributed to the cybercriminal gang BlackCat, has brought the vulnerability of healthcare systems into sharp focus, underscoring the urgent need for enhanced cybersecurity measures within the industry. This incident highlighted the attractive target that healthcare data presents to cybercriminals, with over 114 threat actors actively seeking to exploit these rich information repositories. The frequency of ransomware attacks on healthcare has alarmingly doubled in the past five years, prompting federal agencies to issue specific warnings about threats like BlackCat and the need for healthcare organizations to bolster their defenses.
Experts advocate for a comprehensive strategy to mitigate these risks, emphasizing the adoption of secure-by-design technologies, routine risk assessments, and the importance of cybersecurity as a fundamental component of patient safety. The Health Sector Coordinating Council’s Cybersecurity Working Group has outlined a strategic plan with ten goals aimed at moving the cybersecurity posture of healthcare from “critical” to “stable” condition. Additionally, the Department of Health and Human Services has released voluntary guidelines to help healthcare entities improve cybersecurity, indicating that some recommendations may become mandatory.
This wake-up call reminds us that cybersecurity in healthcare is not just about protecting data but is intrinsically linked to patient safety and care continuity. As the industry grapples with these challenges, it must focus on responding to incidents and proactively preventing them through a unified and strategic approach to cybersecurity.
Cybersecurity is Patient Safety’: What the Ransomware Attack on Change Healthcare Should Teach the Industry (Minemyer, FierceHealthcare, 3/1).
