User:Rw696/Cyberattack

Hospitals[edit source][edit]
Hospital as an infrastructure is one of the major assets to have been impacted by cyber attacks. These attacks could "directly lead to deaths." The cyberattacks are designed to deny hospital workers access to critical care systems. Recently, there has been a major increase of cyberattacks against hospitals amid the COVID-19 pandemic. Hackers lock up a network and demand ransom to return access to these systems. The ICRC and other human rights group have urged law enforcement to take “immediate and decisive action” to punish such cyber attackers.

Hospitals and medical facilities have seen an increase in ransomware attacks in which criminals encode Protected Health Information (PHI) and other private identifiable information. When the ransom is paid, the money is exchanged for a key to decode the information and to return the stolen data. Access points into hospital infrastructure are often through third party companies that hospitals may contract jobs through. The HIPAA Omnibus Rule created in 2013 requires that all business contracted to perform work for the hospital where patient information could be involved would be required to be held to the same standards of security. An increasingly common access point has been through camera and security systems that are being added to the hospitals network. As more outside companies and devices become connected through the internet, the risks for cyberattacks increases. During the COVID- 19 pandemic an increase in attacks was noted. Researchers concluded that this was the result of increased remote work in which hospital staff had more devices connected to networks increasing potential areas of vulnerability. One tactic that has been effective in preventing cyberattacks in the healthcare industry is the Zero Trust method. In this model, all users known and unknown are viewed as a potential threat and requires everyone to verify their identity with the appropriate credentials.

With an increased use of Electronic Medical Records (EMR) comes an increased need for security to protect patient information and privacy. When a hospital experiences a data breach in the United States, the facility is required to report the breach to the people impacted under the Health Information Technology for Economic and Clinical Health Act, also called HITECH ACT, as it has the Breach Notification Rule. The rule states that facilities are required to report data breaches if the facility provides patient care under HIPAA guidelines. The Health Insurance Portability and Accountability Act protects patient’s right to privacy regarding their Protected Health Information (PHI). Accessing PHI can be very lucrative for cybercriminals as this information can contain home addresses, social security numbers, banking information, and other personally identifiable information.