How Can Hospitals Prevent Ransomware Attacks?

More than 200 healthcare facilities have fallen victim to ransomware attacks in the last three years

By Mackenna Moralez, Assistant Editor

Cybercrimes are on the rise, and no industry is safe – especially healthcare.

Last month, two Indiana hospitals fell victim to ransomware attacks, forcing them to resort to manual methods as their online systems were compromised. These attacks are not uncommon. Hospitals and other healthcare facilities are among favorites for cyber criminals, as more than 200 locations have been targeted in the last three years, and that number is only expected to increase exponentially in the coming years, according to The Wall Street Journal.

“Healthcare facilities are a high valued target in that they offer threat actors the potential of capturing patient information to resell on the dark web,” says Fred Gordy, director of cybersecurity with Intelligent Buildings. “There is also a new threat in the form of ‘Killware.’ According to Gartner, ‘Killware’ is designed to actually harm, or worse, kill humans, In the thousands of assessments, we have performed, we find building control systems to be attached to the web insecurely and easily accessible. These systems control everything from operatory suites, oxygen systems, blood storage, and patient rooms making them an easy target for Killware.”

Sure, there are still scams that are easy to identify, such as, “Click here to receive your $500 gift card,” but many are started to look like they are coming from a manufacturer, service provider or coworker. Because of this, many companies have begun implementing a double-verification system in order to limit the number of malware outbreaks.

“In 2020, there was a 600 percent increase of operational technology ransomware attacks across all business sectors including healthcare,” Gordy says. “Historically, the building system front end has been used as an engineer’s workstation. When a rogue link is clicked, it seizes the front end, and communication to the system is lost. Typically, the system is not being backed up, or if it is, the backups are out of date, making recovery difficult at best. By moving the front-end/application host into either a data center or moving it off the engineer’s desk into a locked closet so that it is no longer used as a workstation, almost 100 percent of the events we have seen could have been avoided.”

Patient information should never be connected to networks that store and transmit information, Gordy says. The International Society of Automation (ISA) standard, Zones and Conduit, should be used on any building control/operational technology network. When hospitals and other healthcare facilities do not use the standard or have a cybersecurity plan in place, the risks can include disruption of service, compromise of the patient network by network traversal, and potentially harm and loss of life.

Mackenna Moralez is the assistant editor of Healthcare Facilities Today.

November 12, 2021

Topic Area: Information Technology

Recent Posts

Creating a Resilient Healthcare Supply Chain

Reliable supply chains prepare facilities for crises that might bring supply shortages, delivery disruptions and patient surges.

San Diego Birthing Center Installs Noritz Tankless Water Heater

The product that was used was the EZ Series tankless water heater.

ARPA-H Announces Program to Automate Cybersecurity in Healthcare

The program, named UPGRADE, aims to protect operations and care continuity from cyberattacks.

Safety Initiatives Sees Drop in Workplace Violence

Workplace violence has dropped after employee reports of feeling unsafe at work.

New Jersey Affiliated Dermatologists Suffers Cyberattack

The cybersecurity incident occurred in March.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.