Cyberattacks, also known as ransomware attacks, are disrupting operations in all kinds of businesses and other organizations. Hackers can demand hundreds of thousands of dollars and more in “ransom” to give these organizations back access to, and control over, their systems. In the meantime, however, hackers can access and release what was intended to be secured information – anything from private customer and employee data to financial information and trade secrets.
Hospitals are particularly popular targets for these attacks. Besides having a considerable amount of private patient digital data on file, they’re increasingly reliant on their systems for patient care. When hospitals can’t use monitoring, communication, health records and other systems, they lose the ability to provide the necessary care we all depend on in these facilities. That means they might be willing to pay a sizable ransom to hackers to get their systems back.
What the Biden administration plans to do about it
While no amount of digital security can prevent all hackers, hospitals owe it to their patients, employees and the public to have strong cybersecurity measures in place. Now, the Biden administration is set to provide a strong incentive for them to do that.
The administration is looking into tying funding from the Centers for Medicare & Medicaid Services (CMS) in part to a hospital’s level of digital security. Hospitals already have to meet a number of CMS requirements, including quality of patient care, to secure this much-needed funding. Under the proposed changes, medical facilities would be provided with a list of rules for basic “cyber hygiene” that they need to follow. The plan is to implement these this year.
Cyberattacks have been linked to increased adverse events and mortality rates
The exact number of patients who suffer harm or die as the result of ransomware attacks is impossible to determine at this point – in part because hospitals don’t always report these attacks. In one survey, however, 45% said cyberattacks resulted in adverse patient impacts. Of those, more than half reported increased mortality rates.
If you or a loved one has suffered harm or worse due to a cyberattack on a hospital or other medical provider, you may be able to hold that provider liable for not doing enough to prevent the attack, not being transparent about it or other negligence. By seeking experienced legal guidance, you can better determine whether you have a case.
