User:Travism121212/Cyberattack

Hospitals
Hospital as an infrastructure is one of the major assets to have been impacted by cyber attacks. These attacks could "directly lead to deaths." The cyberattacks are designed to deny hospital workers access to critical care systems. Recently, there has been a major increase of cyberattacks against hospitals amid the COVID-19 pandemic. Hackers lock up a network and demand ransom to return access to these systems. The ICRC and other human rights group have urged law enforcement to take “immediate and decisive action” to punish such cyber attackers.

Hospitals and medical facilities have seen an increase in ransomware attacks in which criminals encode Protected Health Information (PHI) and other private information. When a ransom is paid, the money is exchanged for a key to decode the information. Access points into hospital infrastructure are often through third party companies that hospitals may contract certain jobs through. An increasingly common access point has become through camera and security systems that are being added to the hospitals network. As more devices and companies become connected through the internet, the risks for cyberattacks increases. One tactic that has been effective in preventing cyberattacks in the healthcare industry is the Zero Trust method. In this model, all users are viewed as a potential threat and requires everyone to verify their identity with the appropriate credentials.

When a hospital experiences a data breach in the United States, the facility is required to report the breach to the people impacted under the Health Information Technology for Economic and Clinical Health Act, also called HITECH ACT, as it has the Breach Notification Rule. The rule states that facilities are required to report data breaches if the facility provides patient care under HIPAA guidelines. The Health Insurance Portability and Accountability Act protects patient’s right to privacy regarding their Protected Health Information (PHI). Accessing PHI can be very lucrative for cybercriminals as this information can contain home addresses, social security numbers, banking information, and other personally identifiable information.