Skip to main content
Sister Publication Links
  • ESG: THE IMPLEMENTATION IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Digital Health
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Unwell in America
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
December 04, 2020 10:42 AM

As hospitals cope with a COVID-19 surge, cyberthreats loom

Associated Press
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    Modern Healthcare Illustration / Getty Images

    BURLINGTON, Vt. (AP) — By late morning on Oct. 28, staff at the University of Vermont Medical Center noticed the hospital's phone system wasn't working.

    Then the internet went down, and the Burlington-based center's technical infrastructure with it. Employees lost access to databases, digital health records, scheduling systems and other online tools they rely on for patient care.

    Administrators scrambled to keep the hospital operational — cancelling non-urgent appointments, reverting to pen-and-paper record keeping and rerouting some critical care patients to nearby hospitals.

    In its main laboratory, which runs about 8,000 tests a day, employees printed or hand-wrote results and carried them across facilities to specialists. Outdated, internet-free technologies experienced a revival.

    "We went around and got every fax machine that we could," said UVM Medical Center Chief Operating Officer Al Gobeille.

    The Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. healthcare providers hostage as COVID-19 cases surge nationwide.

    The same day as UVM's attack, the FBI and two federal agencies warned cybercriminals were ramping up efforts to steal data and disrupt services across the healthcare sector.

    By targeting providers with attacks that scramble and lock up data until victims pay a ransom, hackers can demand thousands or millions of dollars and wreak havoc until they're paid.

    In September, for example, a ransomware attack paralyzed a chain of more than 250 U.S. hospitals and clinics. The resulting outages delayed emergency room care and forced staff to restore critical heart rate, blood pressure and oxygen level monitors with ethernet cabling.

    A few weeks earlier, in Germany, a woman's death became the first fatality believed to result from a ransomware attack. Earlier in October, facilities in Oregon, New York, Michigan, Wisconsin and California also fell prey to suspected ransomware attacks.

    Ransomware is also partly to blame for some of the nearly 700 private health information breaches, affecting about 46.6 million people and currently being investigated by the federal government. In the hands of a criminal, a single patient record — rich with details about a person's finances, insurance and medical history — can sell for upward of $1,000 on the black market, experts say.

    Over the course of 2020, many hospitals postponed technology upgrades or cybersecurity training that would help protect them from the newest wave of attacks, said healthcare security consultant Nick Culbertson.

    "The amount of chaos that's just coming to a head here is a real threat," he said.

    With COVID-19 infections and hospitalizations climbing nationwide, experts say healthcare providers are dangerously vulnerable to attacks on their ability to function efficiently and manage limited resources.

    Even a small technical disruption can quickly ripple out into patient care when a center's capacity is stretched thin, said Vanderbilt University's Eric Johnson, who studies the health impacts of cyberattacks.

    "November has been a month of escalating demands on hospitals," he said. "There's no room for error. From a hacker's perspective, it's perfect."

    A 'CALL TO ARMS' FOR HOSPITALS

    The day after the Oct. 28 cyberattack, 53-year-old Joel Bedard, of Jericho, arrived for a scheduled appointment at the Burlington hospital.

    He was able to get in, he said, because his fluid-draining treatment is not high-tech, and is something he's gotten regularly as he waits for a liver transplant.

    "I got through, they took care of me, but man, everything is down," Bedard said. He said he saw no other patients that day. Much of the medical staff idled, doing crossword puzzles and explaining they were forced to document everything by hand.

    "All the students and interns are, like, 'How did this work back in the day?'" he said.

    Since the attack, the Burlington-based hospital network has referred all questions about its technical details to the FBI, which has refused to release any additional information, citing an ongoing criminal investigation. Officials don't believe any patient suffered immediate harm, or that any personal patient information was compromised.

    But more than a month later, the hospital is still recovering.

    Some employees have been furloughed until they can return to their regular duties.

    Oncologists could not access older patient scans which could help them, for example, compare tumor size over time.

    And, until recently, emergency department clinicians could take X-rays of broken bones but couldn't electronically send the images to radiologists at other sites in the health network.

    "We didn't even have internet," said Dr. Kristen DeStigter, chair of UVM Medical Center's radiology department.

    Soldiers with the state's National Guard cyber unit have helped hospital IT workers scour the programming code in hundreds of computers and other devices, line-by-line, to wipe any remaining malicious code that could re-infect the system. Many have been brought back online, but others were replaced entirely.

    Col. Christopher Evans said it's the first time the unit, which was founded about 20 years ago, has been called upon to perform what the guard calls "a real-world" mission. "We have been training for this day for a very long time," he said.

    It could be several more weeks before all the related damage is repaired and the systems are operating normally again, Gobeille said.

    "I don't want to get peoples' hopes up and be wrong," he said. "Our folks have been working 24/7. They are getting closer and closer every day."

    It will be a scramble for other healthcare providers to protect themselves against the growing threat of cyberattacks if they haven't already, said data security expert Larry Ponemon.

    "It's not like hospital systems need to do something new," he said. "They just need to do what they should be doing anyway."

    Current industry reports indicate health systems spend only 4% to 7% of their IT budget on cybersecurity, whereas other industries like banking or insurance spend three times as much.

    Research by Ponemon's consulting firm shows only about 15% of healthcare organizations have adopted the technology, training and procedures necessary to manage and thwart the stream of cyberattacks they face on a regular basis.

    "The rest are out there flying with their head down. That number is unacceptable," Ponemon said. "It's a pitiful rate."

    And it's part of why cybercriminals have focused their attention on healthcare organizations — especially now, as hospitals across the country are coping with a surge of COVID-19 patients, he said.

    "We're seeing true clinical impact," said healthcare cybersecurity consultant Dan L. Dodson. "This is a call to arms."

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    IBM Quantum System One at Cleveland Clinic_4_0.jpg
    Cleveland Clinic, IBM unveil quantum computer
    Dr. Alice Zheng
    Women's digital health sector poised for growth, venture capitalist predicts
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Health IT Strategist (HITS) Newsletter: Sign up for the latest IT and medical technology news delivered 3 days a week (M, W, F).
     
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Digital Health
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Unwell in America
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing