In addition to most in-demand, most impactful, and most burnt-out, healthcare has also recently taken the #1 title for most ransomware attacks in 2023.
FBI’s Alarming Findings
The Federal Bureau of Investigation’s (FBI) 2023 Internet Crime Report paints a stark picture:
- 880,418 complaints
- $12.5 billion in financial losses (22% surge from 2022)
- Healthcare organizations the #1 target, accounting for over 20% of total cases
“Profit-driven cybercriminals and nation-state adversaries alike have the capability to paralyze entire school systems, police departments, healthcare facilities, and individual private sector entities,” the Internet Crime Complaint Center (IC3) emphasized.
“The FBI continues to combat this evolving cyber threat. Our strategy focuses on building strong partnerships with the private sector; removing threats from US networks; pulling back the cloak of anonymity many of these actors hide behind; and hitting cybercriminals where it hurts: their wallets, including their virtual wallets.”
Change Healthcare Case Consequences
Further emphasizing the statistics of the FBI’s report, the recent ransomware attack at Change Healthcare continues to send shockwaves across the industry almost a month after the February 22 breach. The American Hospital Association has referred to the ransomware as “the most significant and consequential incident of its kind against the U.S. health care system in history.”
Both practices and patients are paying the price. Reports of people paying out-of-pocket to fill vital prescriptions have been common. Independent physician practices are particularly vulnerable.
Dr. Margaret Parsons, a dermatologist in Sacramento, California, expressed her concerns about the impact on her practice. With electronic billing disrupted, practices are unable to receive timely payments, leading to financial strain and operational hurdles.
“How can you pay staff, supplies, malpractice insurance — all this — without revenue?” said Dr. Stephen Sisselman, an independent primary care physician on Long Island in New York. “It’s impossible.”
Jackson Health System, in Miami-Dade County, Florida, may miss out on as much as $30 million in payments if the outage lasts a month, said Myriam Torres, its chief revenue officer. Some insurers have offered to mail paper checks.
Charting a Course Towards Resilience
Moving forward, concerted efforts are needed to address these gaps and fortify cybersecurity defenses. Government agencies, industry partners, and healthcare organizations must collaborate to mitigate risks and protect critical infrastructure. A baby step has been the development of voluntary HPH CPGs, though more streamlined regulation is definitely needed.
Individual practices can do their part now by prioritizing cybersecurity, investing in resources, and creating proactive plans. Together, by fostering a culture of collaboration and accountability, we can bridge the existing cybersecurity gaps and safeguard the future of healthcare integrity.
Leave a Reply