Healthcare’s Massive Cybersecurity Challenge

In a tense simulation at Maricopa Medical Center, emergency medicine resident Paul Pugsley faced a critical scenario: a stroke patient needed a CT scan urgently. But a pop-up message demanding bitcoin had appeared on the computer screen, and soon after, the CT scanner was shut down by the same ransomware. This simulated incident highlighted a growing and very real threat to healthcare: cyberattacks.

Reports indicate that ransomware and other cyberattacks are on the rise, with healthcare being a major target. Recently, researchers in Israel demonstrated malware capable of adding fake tumors to CT and MRI scans, potentially leading to misdiagnoses of high-profile patients. Despite this escalating threat, most hospitals and physicians are unprepared for cybersecurity breaches, posing a significant public health risk.

The healthcare industry heavily relies on internet-connected technology, from patient records and lab results to radiology equipment and hospital elevators. While this connectivity enhances patient care by facilitating data integration and clinical support, it also makes systems vulnerable to cyberattacks. These attacks can steal patient data, hijack devices to mine cryptocurrency, or shut down entire hospitals until a ransom is paid.

“If systems are disrupted over the internet, by an adversary or an accident, that can have a profound impact on patient care,” says Beau Woods, a cybersecurity advocate and cybersafety innovation fellow with the Atlantic Council.

The simulated case Pugsley faced mirrored the 2017 WannaCry cyberattack, which affected thousands of computers globally and caused chaos within the UK’s National Health Service. The 2017 Health Care Industry Cybersecurity Task Force concluded that healthcare cybersecurity was in “critical condition.” Unlike other industries, such as finance, where cybersecurity failures result in data breaches, failures in healthcare can lead to injury or death.

While there is no evidence that WannaCry directly caused patient deaths, it did disrupt thousands of hospital computers and diagnostic equipment, forcing doctors to manually ferry lab results and cancel nearly 20,000 patient appointments. This attack exploited vulnerabilities in the Microsoft Windows operating system, encrypting data and demanding a ransom. Although WannaCry was eventually contained, Woods warns that healthcare institutions remain vulnerable to similar attacks.

“We know there’s kindling on the ground, we just don’t know what match is going to light it,” Woods says.

The 2017 NotPetya cyberattack, one of the largest ever, caused $10 billion in damages and affected computers worldwide, including those at Massachusetts-based medical transcription service Nuance. The outage left thousands of healthcare organizations, including Sutter Health in Northern California, unable to use Nuance's programs for weeks. Despite being prepared, Sutter Health had a backlog of over one million files needing transcription, highlighting how even well-prepared systems can be overwhelmed by cyberattacks.

Sutter Health, which faces billions of cyberthreats annually, uses AI to prioritize and manage these threats. However, many hospitals lack the resources to monitor and respond to cybersecurity threats effectively. Most hospitals don’t have full-time cybersecurity staff, particularly in rural or underserved areas. This lack of resources and awareness leaves many hospitals vulnerable.

Medical devices, ranging from pacemakers to drug infusion pumps, are also susceptible to hacking. Many hospitals are unaware of the systems running these devices, making it difficult to manage security risks. Data security practices in hospitals often focus on protecting patient privacy to avoid HIPAA fines, but this can lead to neglecting the security of devices that don’t store patient health information.

The Food and Drug Administration (FDA) has guidelines for managing security risks in medical devices, and some manufacturers are working closely with hackers and researchers to address vulnerabilities. However, hospitals and physicians often lag behind in adopting these security measures.

In November, a ransomware attack shut down computer systems at East Ohio Regional Hospital and Ohio Valley Medical Center, forcing staff to revert to paper charting and divert emergency patients. While the hospitals managed without severe outcomes, the incident underscored the tension between cybersecurity needs and patient care efficiency. Cybersecurity measures can slow down clinical workflows, making it challenging for busy healthcare providers to fully engage with security practices.

Cybersecurity experts emphasize the importance of framing cyberattacks as patient safety issues to get buy-in from clinicians. Education and training for physicians, as well as regulatory intervention, are crucial to improving healthcare cybersecurity. Beau Woods warns that if a major cyberattack like WannaCry hit the US healthcare system today, hospitals would be unprepared, and the response would have to be improvised.

“The ongoing work to try to bring healthcare up to speed on best practices is exciting, and there’s demand for information from patients and investors. But lives are still at risk,” Woods says. “There’s a lot going on. My fear is that it won’t be fast enough.”
