On February 2, 2024, Chicago’s Lurie Children’s Hospital faced a significant cybersecurity issue, prompting the temporary shutdown of its network. Utilizing Epic System’s electronic health record software, the hospital acknowledged the disruption, actively engaging with experts and law enforcement to address the matter. While still operational, the hospital took precautionary measures by disabling phone, email, and electronic medical systems, impacting scheduled surgeries and communication with patients’ families.
This incident aligns with the escalating cybersecurity threats faced by health systems nationwide. The Department of Health and Human Services recently outlined voluntary cybersecurity goals for the health sector in response to a 2023 report highlighting alarming increases in cyber attacks targeting U.S. hospitals, jeopardizing operations for financial gain.
Lurie Children’s has not officially labeled the disruption as a cyber attack, and inquiries remain unanswered. The health sector witnessed a record number of data breaches last year, affecting up to 116 million patients, with hacking and I.T. incidents contributing significantly to this surge.
**Preventing Future Attacks: The Role of CISO and CIO**
Addressing the rising threat landscape, healthcare organizations must fortify their cybersecurity measures. Ransomware attacks from countries like Russia, China, North Korea, and Iran exploit vulnerabilities in connected medical devices, cloud services, and remote work systems. The American Hospital Association emphasizes the importance of national security in combating these attacks and discourages ransom payments.
Healthcare providers dealing with increasingly complex networks face challenges in keeping up with evolving vulnerabilities. The perpetrators, often breaching ethical boundaries, target high-value yet vulnerable entities like children’s hospitals. Nitin Natarajan, deputy director of the federal Cybersecurity & Infrastructure Security Agency, underscores the attractiveness of health organizations to adversaries due to the wealth of sensitive information they possess.
In the broader context, the FBI has warned about state-sponsored Chinese hackers targeting U.S. infrastructure, although there’s no indication that Lurie’s incident is linked to a national security threat. As the threat landscape evolves, collaboration between Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) becomes instrumental in implementing robust cybersecurity measures and safeguarding critical healthcare systems.
Stay vigilant and prioritize cybersecurity to mitigate the risk of such disruptive incidents. If you have any concerns or require assistance, please feel free to reach out for a discussion on enhancing your organization’s cybersecurity posture.