The healthcare and public health sectors are vital to the health and security of the nation. These sectors are also increasingly becoming the target of cybersecurity attacks. These attacks include “ransomware,” where an attacker gains access to an organization’s system, encrypts their data, and holds the information hostage until the organization agrees to pay. The MedStar Health System fell victim to an attack in March 2016, which forced them to shut down IT systems to several hospitals and outpatient centers in the Washington, D.C. area, and prevented the organization from accessing important patient records [1]. Other healthcare systems and hospitals in California, Kansas, Kentucky, and Indiana have also been victims of ransomware attacks in recent months [2].
Ransomware attacks create immediate disruption to daily activities, and in the case of the healthcare and public health sector, can challenge our ability to provide quality care for patients and the community, as well as imperil the security of patients’ financial and medical information. In response to this threat, the Secretary of Health and Human Services (HHS) released a letter and accompanying resources to educate and assist public health and healthcare organizations in protecting against and reporting these types of attacks to authorities.
It is critical that public health officials engage with their law enforcement and healthcare partners to understand the cybersecurity threats in their communities and what to do, should they fall victim to an attack. Local health departments are encouraged to share the Secretary’s letter and resources with other healthcare entities in their jurisdictions.
Listed below are some additional resources available to state and local public health related to cybersecurity:
- U.S. Department of Homeland Security Critical Infrastructure Cyber Community Volunteer Program (C3)
- National Cyber Security Alliance Stay Safe Online Program
- The Office of the National Coordinator for Health Information Technology’s Privacy and Security Challenge training
- Healthcare and Public Health Sector Coordinating Council Cybersecurity Checklist
- Contact local law enforcement agencies to connect with your local FBI field office or Fusion Center for information about available training and resources
***
[1] Source: The Washington Post and HealthCare IT News
[2] Source: CSO Online and HealthCare IT News
