JACKSONVILLE, Fla. – Hospitals are on high alert as federal authorities confirm they’re investigating “credible threats” from Russian hackers trying to steal patient data and lock up health care systems.
Reports show cybercriminals in Russia and other countries are deploying ransomware virus in which victims must pay a hefty ransom in order to get back sensitive data.
A recent attack, which affected Universal Health Services, showed the vulnerability. UHS has more than 400 locations across the United States, including two in Jacksonville: River Point Behavioral Health and Wekiva Springs Center.
“Cybercriminal operators encrypt the systems and data hospitals depend on in the digital age,” a prominent health care executive with first-hand knowledge of the hack told the News4Jax I-TEAM . “Historically, this was done in the pursuit of ransom and in return for the keys to decrypt the hospitals' information. These recent attacks by Russian speaking outfits appear more likely to have the goal of disruption to our nation’s critical health care infrastructure.”
“We should be concerned as health care people. It’s very concerning,” said Will Conaway, the vice president of provider delivery for the HCI Group and Techmahindra.
The HCI Group, based in Jacksonville, is a global health care information technology consulting company that works with hospitals' electronic medical records.
“They want your data,” Conaway said. “It’s worth money. It’s worth a lot of money."
He said his and other companies are working around the clock to prevent more attacks.
“Hospitals do have backups when something goes down, but it takes people out of the workflow, it unnerves people and it will cause issues,” he added.
It’s especially dangerous with the coronavirus pandemic and the potential for hospitals to be overloaded again. And, with a technology-centric world, anything is possible.
“We might see the first cyber murder,” Conaway said. “As people start to be able to get into unmanaged devices and maybe a pacemaker, maybe an insulin pump, and other items.”
Cybersecurity experts point out that these hospitals need to test their systems with simulated cyberattacks and invest in better digital infrastructure. They also say patients need to use this as a reminder to protect their passwords and personal data.
On Wednesday, the FBI, Department of Homeland Security and Department of Health and Human Services released a joint 15-page cybersecurity warning. In it, they advised companies against paying ransoms.