posted by janrinok on Wednesday November 17 2021, @08:33PM

Hospitals are at a high risk of cyberattacks, but patients don't realize it:

Information technology experts are worried about increasing rates of ransomware attacks on healthcare organizations. Most patients, though, don't know they're happening, according to a new survey.

Southern Ohio Medical Center, a not-for-profit hospital in Portsmouth, Ohio, canceled appointments for today and is diverting ambulances after it was hit by a cyberattack on Thursday. It's part of a series of escalating attacks on healthcare organizations in the past two years — a trend that could have serious consequences for patient care.

But while information technology experts are well aware that the risk of cyberattacks that compromise patient data and shut down computer systems is on the rise, patients don't seem to be, according to a new report by cybersecurity company Armis. In fact, over 60 percent of people in the general public surveyed in the new report said they hadn't heard of any cyberattacks in healthcare in the past two years.

That's despite a doubling of cyberattacks on healthcare institutions in 2020, high-profile incidents like the attack on hospital chain Universal Health Services, and a major threat from groups using the ransomware Ryuk. The magnitude of attacks during the COVID-19 pandemic shocked experts, who said that ransomware gangs were targeting hospitals more aggressively than they had before. Unlike attacks on banks or schools, which are also common, these attacks have the potential to directly injure people.

  • (Score: 0) by Anonymous Coward on Wednesday November 17 2021, @11:46PM (#1197223)

    That's why you need to separate your reporting and querying functions. An industrial process can broadcast process state, but must not accept any form of input, including even the simple selection of a particular field.

    Querying should be done by a service that listens to the broadcast process state, optionally stores it, performs any necessary munging, and most crucially, is the sole exposure to inputs. This prevents your critical process from exposure to that security hole, and makes your middle manager feel "empowered" (despite being the threat in this scenario).

    Changes to process state--inputs to the process!--should be communicated face-to-face, if you actually want real security and not theater. Deep fakes are making social engineering even more of a threat. At least with face-to-face, you only need to cope with compromised or malicious personnel.
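
The reporting/querying split described in the comment above, sketched as an added example that is not part of the original comment or article. It assumes an OS pipe as a stand-in for the one-way broadcast link, and the class names, field names and sample readings are all hypothetical.

```python
import json
import os

ALLOWED_FIELDS = {"temp_c", "pressure_kpa", "valve_open"}  # hypothetical field names


class ProcessReporter:
    """Process side: holds only the write end, so it has no path for receiving input."""

    def __init__(self, write_fd):
        self._fd = write_fd

    def broadcast(self, state):
        os.write(self._fd, (json.dumps(state) + "\n").encode())


class QueryService:
    """Listener side: stores broadcast state and is the only component that takes queries."""

    def __init__(self, read_fd):
        self._fd = read_fd
        self._buf = b""
        self.latest = {}

    def ingest(self):
        """Read whatever has been broadcast; return the number of records accepted."""
        self._buf += os.read(self._fd, 65536)
        *lines, self._buf = self._buf.split(b"\n")  # keep any partial record for later
        accepted = 0
        for line in lines:
            try:
                record = json.loads(line)
            except ValueError:
                continue  # malformed broadcast is dropped
            if isinstance(record, dict):
                self.latest.update({k: v for k, v in record.items() if k in ALLOWED_FIELDS})
                accepted += 1
        return accepted

    def query(self, field):
        """Untrusted input stops here; nothing in this call can reach the process."""
        ok = isinstance(field, str) and field in ALLOWED_FIELDS
        return self.latest.get(field) if ok else None


def demo():
    read_fd, write_fd = os.pipe()  # kernel-enforced one-way channel (assumed stand-in)
    process, service = ProcessReporter(write_fd), QueryService(read_fd)
    process.broadcast({"temp_c": 71.5, "valve_open": True, "debug": "x"})  # constructed sample
    process.broadcast({"temp_c": 72.0})
    accepted = service.ingest()
    results = (accepted, service.query("temp_c"), service.query("valve_open"),
               service.query("debug"), service.query("temp_c; shutdown"))
    os.close(read_fd)
    os.close(write_fd)
    return results
```

The query string, however hostile, is only ever compared against the allow-list inside `QueryService`; `ProcessReporter` has no method that reads anything.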