Hospitals are facing a concerning surge in hacking incidents, as 6 out of every 10 healthcare organizations experienced a ransomware attack in the last year, according to NBC Washington. This is raising the question: How long can organizations take care of patients when their systems are seized?
Per the American Hospital Association, numerous healthcare facilities have contingency plans in place to sustain operations without relying on technology for up to 72 hours, and in some cases, as long as 96 hours. But cybersecurity experts told NBC Washington in a Feb. 8 article that this isn't enough.
Cybersecurity experts suggest that hospitals should create plans to keep running smoothly even if all their technology is down for at least up to 30 days. But hospitals aren't close to being able to implement those plans, according to John Riggi, the cybersecurity and risk national adviser for the American Hospital Association.
"Quite frankly, we're in the beginning stages," he told the publication.
Since the beginning of the year, hackers have targeted and forced systems offline at organizations like Lurie Children's Hospital of Chicago and Brewer, Maine-based Northern Light Health, causing the organizations to resort to downtime procedures that affect care delivery.
Nonprofit patient safety organization ECRI even listed ransomware as a critical threat to the healthcare sector for 2024 in its "Top 10 Health Technology Hazards" report.
"These devastating attacks basically take over a hospital network, rendering it incapable of delivering care," Christian Dameff, MD, an emergency physician who is also a hacker and security researcher at the University of California San Diego, told the news outlet.