Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital, and that the U.S. government is doing too little to prevent such breaches.

Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records. Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage for hefty ransoms, said John Riggi, the American Hospital Association’s cybersecurity adviser.

“Unfortunately, the unintended consequence of the use of all this network and internet connected technology is it expanded our digital attack surface,” Riggi said. “So, many more opportunities for bad guys to penetrate our networks.”

The assailants often operate from American adversaries such as Russia, North Korea and Iran, where they enjoy big payouts from their victims and face little prospect of ever being punished.

  • @CaptainSpaceman
    611 months ago

    It's the bad guys' fault hospitals run on MSDOS and a prayer? Maybe a little.

    Hospital infosec tends to be a joke. They have nice access controls inside the hospital, locking up meds behind badged vending machines and the like, but when it comes to infosec they comply with the bare minimum HIPAA says and that's it.

    Medical field is a prime target for ransomware and other hacks because of this.

    • @agent_flounder
      511 months ago

      I see nothing has changed in the 20y since I did healthcare infosec.

  • @[email protected]
    110 months ago

    Often the expensive imaging and scanning machines have an embedded Windows OS that gets past its viability as far as sec goes, way before the machine itself is past usable. The machines in question are of course very expensive and upgrading the embedded OS is not usually an option. The manufacturers have a profit motive too and paying their devs to write updates doesn’t cut it. The answer, as always, is ofc: regulate and standardize. But then again, where’s the money in that? And so it goes.