The healthcare industry is under constant threat of ransomware attacks. A recent study found 88 percent of all ransomware attacks are directed at hospitals, and another study suggests ransomware cases are expected to double by the end of the year. As such, the industry needs a centralized body to investigate, prevent and resolve these types of attacks from occurring, according to a Health Affairs blog post.
Written by Dean Sittig, PhD, biomedical informatics and bioengineering professor at the University of Texas Health Science Center in Houston, and Hardeep Singh, MD, chief of the health policy, quality and informatics program at Michael E. DeBakey VA Medical Center and Baylor college of Medicine in Houston, the blog calls for a public-private partnership to address the ransomware epidemic.
Such a National Health IT Safety Center was introduced by the Texas Medical Association in a resolution in the American Medical Association House of Delegates, and the resolution was adopted in June. Currently, the authors write it is unclear what actions the AMA will take to advance this effort, but they write that it should be a priority.
The center, suggest the authors, would create teams of multidisciplinary experts that would visit hospitals attacked by ransomware. The teams would interview key stakeholders to audit and identify how attacks happened, ultimately drawing key lessons from the experience. The key lessons would then be gathered and released in reports. "Rather than find fault, the goal of these reports would be to generate actionable recommendations and disseminate this knowledge nationally to institutions using EHRs in an attempt to mitigate future problems," according to the blog.
The authors outline a four-step strategy for the industry to adopt in the absence of a National Health IT Safety Center, which includes adequate system protection, a more reliable system defense focused on users education, monitoring suspicious activities, and a robust response strategy.
"We are at a crossroads," according to the authors. "We could continue to obfuscate and ignore obvious safety issues, including being easy targets for cyber criminals, or we could work together to understand safety events, learn from them, identify best practices to prevent them and work on building a safe and effective health IT infrastructure for our country."
More articles on ransomware:
78% of organizations don't have a plan to deal with cybersecurity
New strain of Locky ransomware can encrypt files even when server is offline
HHS: Ransomware attacks considered breaches in most cases