As hospitals cope with a COVID-19 surge, cyberthreats loom
Skip to main content
MDHC_Logotype_white
Subscribe
  • My Account
  • Login
  • Subscribe
  • News
    • This Week's News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • People
    • Regional News
    • Digital Edition
    • Hospital M&A activity rebounds in Q4
      Surgeon General calls on businesses to invest in community health
      Providers await new HHS coronavirus grant reporting deadline
      Excellus Blue Cross and Blue Shield to pay $5.1M HIPAA penalty
    • Hospital M&A activity rebounds in Q4
      Surgeon General calls on businesses to invest in community health
      Providers await new HHS coronavirus grant reporting deadline
      Louisiana gets reports vaccine providers are discriminating
    • Louisiana gets reports vaccine providers are discriminating
      'We know this is real': New clinics aid virus 'long-haulers'
      Trenda Ray
      Q&A: Arkansas nursing leader looking for creative staffing solutions as COVID cases surge
      The Check Up: Trenda Ray
      The Check Up: Trenda Ray of the University of Arkansas for Medical Sciences
    • CMS approves rule forcing insurers to ease prior authorization
      COVID-19 still a big uncertainty for insurers in 2021
      Health insurers' outlook boosted after Dems' Georgia win
      humana_i.jpg
      Humana supports Ohio not-for-profits with $500,000
    • Quest Diagnostics wins CDC contract to sequence coronavirus samples
      Biden picks transgender woman as assistant health secretary
      The Check Up: Chip Kahn
      The Check Up: Chip Kahn of the Federation of American Hospitals
      'Little old West Virginia' sets pace on vaccine rollout
    • Providers await new HHS coronavirus grant reporting deadline
      Operation Warp Speed Dr. Moncef Slaoui, Pfizer Group President Angela Hwang, Moderna CEO Stephane Bancel, CVS Health Executive Vice President Karen Lynch and McKesson CEO Brian Tyler participate in a panel discussion on the COVID-19 vaccine.
      Hospitals, drug companies strive to stand out virtually at JPM
      Intermountain, Trinity, Memorial Hermann behind $300M private equity fund
      Operation Warp Speed to bump up McKesson's stock price
    • A man in a room with servers.
      Momentum grows to outsource hospital tech functions in 2021
      5 things to know about Google's $2.1B Fitbit acquisition
      Providence bets on machine-learning, consolidating data centers
      Mental health treatment was most common telehealth service during COVID
    • Sticking to Mediterranean diet is good for the brain
      Chance of COVID-19 triage care looms over Arizona hospitals
      U.S. ramps up vaccinations to get doses to more Americans
      367146427.jpg
      Should businesses mandate that staff get the COVID vaccine?
    • Providence names new chief financial officer
      Wisconsin's top health official departing for federal job
      Cone Health CEO, CFO to depart amid pending Sentara merger
      Tower Health's finance chief resigning after years of steep losses
    • Midwest
    • Northeast
    • South
    • West
  • Insights
    • ACA 10 Years After
    • Best Practices
    • InDepth Special Reports
    • Innovations
    • The Affordable Care Act after 10 years
    • New care model helps primary-care practices treat obesity
      doctor with patient
      COVID-19 treatment protocol developed in the field helps patients recover
      Rachel Wyatt
      Project to curb pressure injuries in hospitals shows promise
      Yale New Haven's COVID-19 nurse-staffing model has long-term benefits
    • Michellene Davis
      Healthcare leadership lacks the racial diversity needed to reduce health disparities
      Dr. James Hildreth
      How medical education can help fight racism
      Modern Healthcare InDepth: Breaking the bias that impedes better healthcare
      Videos: Healthcare industry executives describe their encounters with racism
      Quotes from rebadged employees
      Outsourcing IT, revenue cycle takes toll on internal culture
    • A woman with a wearable sensor talking to her provider.
      Wearable sensors help diagnose heart rhythm problems in West Virginia
      self service station
      COVID-19 pushes patient expectations toward self-service
      Targeting high-risk cancer patients with genetics
      A nurse holds up a phone with a message to a family member saying surgery has started.
      Texting, tablets help hospitals keep family updated on patient care
  • Transformation
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Highmark Health inks six-year cloud, tech deal with Google
      Study: 1 in 5 patients report discrimination when getting healthcare
      HHS proposes changing HIPAA privacy rules
      Android health records app launches at 230 health systems
    • California hospitals prepare ethical protocol to prioritize lifesaving care
      Amazon, JPMorgan Chase, Berkshire Hathaway disband Haven
      Digital pathways poised to reshape healthcare continuum in 2021
      Healthcare was the hardest hit by supply shortages across all U.S. industries
    • A woman with a wearable sensor talking to her provider.
      Wearable sensors help diagnose heart rhythm problems in West Virginia
      New care model helps primary-care practices treat obesity
      How hospitals are building on COVID-19 telehealth momentum
      Researchers: Hospital price variation exacerbates health inequities
    • MedPAC votes to boost hospital payments, freeze or cut other providers
      Most Next Gen ACOs achieved bonuses in 2019
      Congress recalibrates Medicare Physician Fee Schedule after lobbying
      CMS approves rule to encourage value-based drug pricing
  • Data/Lists
    • Rankings/Lists
    • Interactive Databases
    • Data Points
    • Health Systems Financials
      Executive Compensation
      Physician Compensation
  • Op-Ed
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
    • Wellstar CEO calls adapting for the pandemic her bold move
      Howard P. Kern
      Recognizing the value of telehealth in its infancy
      Dr. Stephen Markovich
      A bold move helped take him from family doctor to OhioHealth CEO
      Dr. Bruce Siegel
      Why taking a hospital not-for-profit was Dr. Bruce Siegel’s boldest move
    • Barry Ostrowsky
      Ending racism is a journey taken together; the starting point must be now
      Laura Lee Hall and Gary Puckrein
      Increased flu vaccination has never been more important for communities of color
      John Daniels Jr.
      Health equity: Making the journey from buzzword to reality
      Mark C. Clement and David Cook
      We all need to 'do something' to fight inequities and get healthcare right, for every patient, every time
    • Dr. Bruce Siegel
      By protecting the healthcare safety net, Biden can put us on the path to a stronger country
      Healing healthcare: some ideas for triage by the new Congress, administration
      Dr. Sachin H. Jain
      Medicare for All? The better route to universal coverage would be Medicare Advantage for All
      Connectivity: a social determinant of health that can exacerbate all the others
    • Letters: Eliminating bias in healthcare needs to be ‘deliberate and organic’
      Letters: Maybe dropping out of ACOs is a good thing for patients
      Letters: White House and Congress share blame for lack of national COVID strategy
      Letters: VA making strides to improve state veterans home inspections
    • Sponsored Content Provided By Optum
      How blockchain could ease frustration with the payment process
      Sponsored Content Provided By Optum
      Three steps to better data-sharing for payer and provider CIOs
      Sponsored Content Provided By Optum
      Reduce total cost of care: 6 reasons why providers and payers should tackle the challenge together
      Sponsored Content Provided By Optum
      Why CIOs went from back-office operators to mission-critical innovators
  • Awards
    • Award Programs
    • Nominate
    • Previous Award Programs
    • Other Award Programs
    • Best Places to Work in Healthcare Logo for Navigation
      Nominations Open - Best Places to Work in Healthcare
      Nominations Open - Health Care Hall of Fame
      Nominations Open - 50 Most Influential Clinical Executives
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Top 25 Minority Leaders
    • Top 25 Women Leaders
    • Excellence in Nursing Awards
    • Design Awards
    • Top 25 COOs in Healthcare
    • 100 Top Hospitals
    • ACHE Awards
  • Events
    • Conferences
    • Galas
    • Webinars
    • COVID-19 Event Tracker
    • Leadership Symposium
    • Healthcare Transformation Summit
    • Women Leaders in Healthcare Conference
    • Workplace of the Future Conference
    • Strategic Marketing Conference
    • Social Determinants of Health Symposium
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Minority Leaders Gala (2022)
    • Top 25 Women Leaders Gala
  • Listen
    • Podcast - Next Up
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
    • Carter Dredge
      Next Up Podcast: Ready, set, innovate! Innovation and disruption in healthcare
      Next Up Podcast: COVID-19, social determinants highlight health inequities — what next?
      Ceci Connolly
      Next Up Podcast: How to navigate the murky post-election waters
      Next Up Podcast: Saving Rural Health
    • An older man wearing a mask receiving a vaccine.
      Beyond the Byline: Verifying information on the chaotic COVID-19 vaccine rollout
      doctor burnout
      Beyond the Byline: How healthcare supply chain struggles contribute to employee burnout
      Beyond the Byline: Covering race and diversity in the healthcare industry
      Beyond the Byline: How telehealth utilization has impacted investor-owned company earnings
    • Leading intention promote diversity and inclusion
      Introducing Healthcare Insider Podcast
    • The Check Up: Chip Kahn
      The Check Up: Chip Kahn of the Federation of American Hospitals
      The Check Up: Trenda Ray
      The Check Up: Trenda Ray of the University of Arkansas for Medical Sciences
      The Check Up: Dr. Kenneth Davis
      The Check Up: Dr. Kenneth Davis of Mount Sinai Health System
      The Check Up: Dr. Thomas McGinn
      The Check Up: Dr. Thomas McGinn of CommonSpirit Health
    • Video: Ivana Naeymi Rad of Intelligent Medical Objects
  • MORE +
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Technology
December 04, 2020 10:42 AM

As hospitals cope with a COVID-19 surge, cyberthreats loom

Associated Press
  • Tweet
  • Share
  • Share
  • Email
  • More
    Print
    Modern Healthcare Illustration / Getty Images

    BURLINGTON, Vt. (AP) — By late morning on Oct. 28, staff at the University of Vermont Medical Center noticed the hospital's phone system wasn't working.

    Then the internet went down, and the Burlington-based center's technical infrastructure with it. Employees lost access to databases, digital health records, scheduling systems and other online tools they rely on for patient care.

    Administrators scrambled to keep the hospital operational — cancelling non-urgent appointments, reverting to pen-and-paper record keeping and rerouting some critical care patients to nearby hospitals.

    In its main laboratory, which runs about 8,000 tests a day, employees printed or hand-wrote results and carried them across facilities to specialists. Outdated, internet-free technologies experienced a revival.

    "We went around and got every fax machine that we could," said UVM Medical Center Chief Operating Officer Al Gobeille.

    The Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. healthcare providers hostage as COVID-19 cases surge nationwide.

    The same day as UVM's attack, the FBI and two federal agencies warned cybercriminals were ramping up efforts to steal data and disrupt services across the healthcare sector.

    By targeting providers with attacks that scramble and lock up data until victims pay a ransom, hackers can demand thousands or millions of dollars and wreak havoc until they're paid.

    In September, for example, a ransomware attack paralyzed a chain of more than 250 U.S. hospitals and clinics. The resulting outages delayed emergency room care and forced staff to restore critical heart rate, blood pressure and oxygen level monitors with ethernet cabling.

    A few weeks earlier, in Germany, a woman's death became the first fatality believed to result from a ransomware attack. Earlier in October, facilities in Oregon, New York, Michigan, Wisconsin and California also fell prey to suspected ransomware attacks.

    Ransomware is also partly to blame for some of the nearly 700 private health information breaches, affecting about 46.6 million people and currently being investigated by the federal government. In the hands of a criminal, a single patient record — rich with details about a person's finances, insurance and medical history — can sell for upward of $1,000 on the black market, experts say.

    Over the course of 2020, many hospitals postponed technology upgrades or cybersecurity training that would help protect them from the newest wave of attacks, said healthcare security consultant Nick Culbertson.

    "The amount of chaos that's just coming to a head here is a real threat," he said.

    With COVID-19 infections and hospitalizations climbing nationwide, experts say healthcare providers are dangerously vulnerable to attacks on their ability to function efficiently and manage limited resources.

    Even a small technical disruption can quickly ripple out into patient care when a center's capacity is stretched thin, said Vanderbilt University's Eric Johnson, who studies the health impacts of cyberattacks.

    "November has been a month of escalating demands on hospitals," he said. "There's no room for error. From a hacker's perspective, it's perfect."

    A 'CALL TO ARMS' FOR HOSPITALS

    The day after the Oct. 28 cyberattack, 53-year-old Joel Bedard, of Jericho, arrived for a scheduled appointment at the Burlington hospital.

    He was able to get in, he said, because his fluid-draining treatment is not high-tech, and is something he's gotten regularly as he waits for a liver transplant.

    "I got through, they took care of me, but man, everything is down," Bedard said. He said he saw no other patients that day. Much of the medical staff idled, doing crossword puzzles and explaining they were forced to document everything by hand.

    "All the students and interns are, like, 'How did this work back in the day?'" he said.

    Since the attack, the Burlington-based hospital network has referred all questions about its technical details to the FBI, which has refused to release any additional information, citing an ongoing criminal investigation. Officials don't believe any patient suffered immediate harm, or that any personal patient information was compromised.

    But more than a month later, the hospital is still recovering.

    Some employees have been furloughed until they can return to their regular duties.

    Oncologists could not access older patient scans which could help them, for example, compare tumor size over time.

    And, until recently, emergency department clinicians could take X-rays of broken bones but couldn't electronically send the images to radiologists at other sites in the health network.

    "We didn't even have internet," said Dr. Kristen DeStigter, chair of UVM Medical Center's radiology department.

    Soldiers with the state's National Guard cyber unit have helped hospital IT workers scour the programming code in hundreds of computers and other devices, line-by-line, to wipe any remaining malicious code that could re-infect the system. Many have been brought back online, but others were replaced entirely.

    Col. Christopher Evans said it's the first time the unit, which was founded about 20 years ago, has been called upon to perform what the guard calls "a real-world" mission. "We have been training for this day for a very long time," he said.

    It could be several more weeks before all the related damage is repaired and the systems are operating normally again, Gobeille said.

    "I don't want to get peoples' hopes up and be wrong," he said. "Our folks have been working 24/7. They are getting closer and closer every day."

    It will be a scramble for other healthcare providers to protect themselves against the growing threat of cyberattacks if they haven't already, said data security expert Larry Ponemon.

    "It's not like hospital systems need to do something new," he said. "They just need to do what they should be doing anyway."

    Current industry reports indicate health systems spend only 4% to 7% of their IT budget on cybersecurity, whereas other industries like banking or insurance spend three times as much.

    Research by Ponemon's consulting firm shows only about 15% of healthcare organizations have adopted the technology, training and procedures necessary to manage and thwart the stream of cyberattacks they face on a regular basis.

    "The rest are out there flying with their head down. That number is unacceptable," Ponemon said. "It's a pitiful rate."

    And it's part of why cybercriminals have focused their attention on healthcare organizations — especially now, as hospitals across the country are coping with a surge of COVID-19 patients, he said.

    "We're seeing true clinical impact," said healthcare cybersecurity consultant Dan L. Dodson. "This is a call to arms."

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Momentum grows to outsource hospital tech functions in 2021
    Momentum grows to outsource hospital tech functions in 2021
    5 things to know about Google's $2.1B Fitbit acquisition
    5 things to know about Google's $2.1B Fitbit acquisition
    Sponsored Content
    Get Free Newsletters

    Sign up for free enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today

    The weekly magazine, websites, research and databases provide a powerful and all-encompassing industry presence. We help you make informed business decisions and lead your organizations to success.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS
    • Instagram

    Stay Connected

    Join the conversation with Modern Healthcare through our social media pages

    MDHC_Logotype_white
    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2021. Crain Communications, Inc. All Rights Reserved.
    • News
      • This Week's News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition
    • Insights
      • ACA 10 Years After
      • Best Practices
      • InDepth Special Reports
      • Innovations
    • Transformation
      • Patients
      • Operations
      • Care Delivery
      • Payment
    • Data/Lists
      • Rankings/Lists
      • Interactive Databases
      • Data Points
    • Op-Ed
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Awards
      • Award Programs
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Top 25 Minority Leaders
        • Top 25 Women Leaders
      • Nominate
      • Previous Award Programs
        • Excellence in Nursing Awards
        • Design Awards
        • Top 25 COOs in Healthcare
      • Other Award Programs
        • 100 Top Hospitals
        • ACHE Awards
    • Events
      • Conferences
        • Leadership Symposium
        • Healthcare Transformation Summit
        • Women Leaders in Healthcare Conference
        • Workplace of the Future Conference
        • Strategic Marketing Conference
        • Social Determinants of Health Symposium
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Minority Leaders Gala (2022)
        • Top 25 Women Leaders Gala
      • Webinars
      • COVID-19 Event Tracker
    • Listen
      • Podcast - Next Up
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • MORE +
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing