Cybersecurity Cannot Be Ignored

Feb. 20, 2024

This month, we are featuring a topic that hasn’t been covered very much for Healthcare Purchasing News—cybersecurity. Cybersecurity issues are prominent in many industries, including healthcare. The big difference between other industries and healthcare is that patient lives are literally on the line.

In October of 2021, I reported for HPN’s sister publication, Healthcare Innovation, that the first credible public claim that a death was caused, at least in part, by ransomware was reported by The Wall Street Journal on Sept. 30. An Alabama woman, whose 9-month-old child died, had filed a lawsuit against Springhill Medical Center (located in Mobile, Ala.), where her daughter was born.

According to a CBS News article, “Springhill Medical Center was besieged by a ransomware attack when Nicko Silar was born July 17, 2019.  The resulting failure of electronic devices meant a doctor could not properly monitor the child's condition during delivery, according to the lawsuit by Teiranni Kidd, the child's mother.”

Further, “‘The number of healthcare providers who would normally monitor her labor and delivery was substantially reduced and important safety-critical layers of redundancy were eliminated,’ the suit claims.”

The baby had severe brain injuries, among other issues, and died in 2020 at another hospital after months of intensive care.

This story is incredibly alarming and if you search the web, you can find similar stories of health systems or hospitals that were affected by ransomware attacks, sometimes even having to revert back to paper charts.

Cybersecurity needs to be taken seriously by everyone at a healthcare organization. IT professionals are not the only ones who need cybersecurity training; all individuals who are employed by healthcare facilities should be trained on best practices—like not leaving login information on a sticky note under one’s keyboard or how to identify a phishing email.

Our story this month focuses mostly on medical devices and the internet of medical things (IoMT). Cyber Expert Richard Staynings of Cylera and the University of Denver spoke with Editor-in-Chief, Janette Wider and Associate Editor, Matt MacKenzie about a number of cybersecurity things, including the increasing prevalence of artificial intelligence (AI) and machine learning (ML) in healthcare settings. You can read it on page 12.

I’ll admit that I have a passion for healthcare cybersecurity, as that’s the “beat” I covered most extensively when I started as a journalist. And I guess my interest probably goes back to when I saw “WarGames” on cable when I was a kid. (“Shall we play a game?”)

I thought it only appropriate for HPN to cover this topic now that we’re officially a few months into 2024, as threats from hackers are not slowing down. On Jan. 31, The Record reported that Chicago-based Saint Anthony Hospital was the victim of a cyberattack claimed by the LockBit ransomware gang late last year. The gang posted the hospital to its “leak site” and gave the organization two days to pay approximately $900,000 in ransom. LockBit also took credit for an incident in November where multiple facilities in New Jersey and Pennsylvania had to cancel appointments and operate without patient files.

The Cybersecurity and Infrastructure Security Agency (CISA) has more information available on LockBit here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a

Later this year, we’ll be covering ransomware in depth. Stay vigilant out there, readers.

Photo 106117755 © Jakub Jirsak | Dreamstime.com
Photo 89319446 © Mohamed Ahmed Soliman | Dreamstime.com