Chicago: Details of an apparent cyber attack on one of the largest health systems It was slow to emerge in the US as security experts warned on Friday that it often takes time to assess the full impact on patients and hospitals.
Earlier this week, CommonSpirit Health confirmed it had experienced an “IT security issue” but has yet to answer detailed questions about the incident, including how many of its 1,000 care sites serving 20 million Americans may have been affected. The health system giant, the second largest nonprofit health system in America, has 140 hospitals in 21 states.
“It takes a while to fully understand the space because you’re trying to restore all your systems,” said Alan Liska, an analyst at cybersecurity firm Recorded Future. “You’re trying to continue patient care. You’re trying to get your nurses and your doctors back to the system they need.”
Healthcare institutions It’s an attractive target for cyber attackers – especially those who use malware to lock down a victim’s organization’s files and leverage the information for payment. Ransomware has been a constant threat to the industry, which is one of 16 sectors classified as critical infrastructure by the US government.
“Ransomware actors know it’s going to cause a lot of disruption,” Liska said.
Liska added that 2021 saw an unusually high number of attacks on healthcare systems, with 285 publicly reported worldwide. So far, Liska’s firm has tracked 155 this year with an average of 20 attacks a month. However, it estimated that only 10% of ransomware attacks are disclosed.
Cybersecurity experts said years of work have increased healthcare leaders’ confidence in the FBI and other federal agencies focused on cybercrime.
An FBI spokeswoman declined to comment on whether CommonSpirit Health was investigating the cyberattack.
John Riggi, the American Hospital Association’s national adviser for cybersecurity and risk, said he could not discuss CommonSpirit specifically. Typically, though, he said it can take days, weeks or longer to figure out how an attacker gained entry, determine what damage has been done and prevent further damage.
Riggi, who spent nearly 30 years with the FBI, called any significant cyber attack on a hospital a “potential threat to patient safety” and said the US government takes it seriously. Their goal, he said, is to identify the attacker and reveal their identity and modus operandi.
“They don’t want to show their hands, what they know about the bad guys,” he said. “You’re processing a crime scene in real-time.”
But there are risks for victims of cyberattacks who fail to communicate their response plan and strategies for recovery, said Mike Hamilton, chief information security officer with Critical Insights Cybersecurity in Washington state.
The reaction of patients, staff and allied healthcare operations to managing the chain of events could affect the company’s future existence, he said.
“Here’s how close we are to resolution, here’s where we’re diverting, here’s the other hospitals we’re partnering with,” Hamilton said. “They need to make sure they’re communicating … because a lot of people are going to be affected by this.”