Health Officials Call for Immediate Action Following Ambulance Diverting Cyberattacks

In the wake of cyberattacks disrupting hospital operations and diverting ambulances, the U.S. Department of Health and Human Services (HHS) is pushing for increased funding and stricter security measures for vulnerable health care facilities.

The newly revealed HHS plan, disclosed exclusively to CNN, addresses the growing threat of cyberattacks jeopardizing patient safety. HHS Deputy Secretary Andrea Palm emphasized the urgency of the situation, highlighting the need for enhanced technology and security practices in ill-protected rural hospitals.

The plan comes on the heels of a Thanksgiving Day ransomware attack on Ardent Health Services, compelling hospitals from New Jersey to New Mexico to reroute ambulances. Over the past nine months, similar cyber incidents have forced ambulance diversions in Connecticut, Florida, Idaho, and Pennsylvania.

HHS’s strategy focuses on directing additional funds and training to hospitals lacking basic cybersecurity protections. The department is prepared to leverage authorities, including imposing fines, to ensure health care organizations bolster their cybersecurity defenses. Key federal programs like Medicare and Medicaid will be utilized to implement new cybersecurity requirements for hospitals.

Despite the plan’s unveiling, critical details remain unresolved. HHS officials stress the necessity for increased funding from Congress but have not disclosed the required amount. The plan’s success hinges on the effectiveness and enforceability of cybersecurity metrics, currently being developed in collaboration with industry insiders. Additionally, collaboration with Congress is essential to raise fines for violations related to the protection of health information from cyber threats.

The urgency stems from the potential threat to patient safety, with a 2021 federal study revealing that a ransomware attack can disrupt patient care and strain hospital resources for weeks or months.

Experts point out that small health care providers across the country face challenges in dealing with cyber threats due to a lack of funds and expertise. Many smaller clinics lack dedicated cybersecurity personnel on staff, exacerbating the vulnerability of their systems.

The health sector, designated as “critical infrastructure,” has experienced significant disruptions from ransomware, posing risks to patient safety. Cybersecurity expert Joshua Corman emphasizes the need for substantial changes in federal policies to address the growing threat adequately.

As the Biden administration expresses concerns about the sale of insecure products by software providers, officials stress the importance of improving software quality to enhance cybersecurity in critical infrastructure.

While hospital executives are increasingly aware of cyber threats, the HHS plan underscores the need for immediate action to fortify the nation’s health care system against cyberattacks.