Cybersecurity Roundup: Digital Attacks Disrupt Care Across U.S.

November 30, 2023

The health care sector has faced a flurry of reports of data breaches and ransomware attacks across the U.S. this month.

Reports of digital disruptions that affect patient care are another reminder that everyone needs to stay vigilant against ransomware attacks, date breaches, and other cyber threats. Health care is a common target for these attacks, as our hospitals, doctors, and staff provide a vital community service.

Here’s a roundup of some of the recent incidents:

• Thanksgiving cyberattack:  In a statement, Ardent Health announced its facilities across multiple states had been affected by a ransomware attack during Thanksgiving and that it had proactively diverted emergency room patients to other area hospitals and health systems. The company operates 30 hospitals and provider locations in multiple states (Texas, Oklahoma, New Mexico, Kansas, Idaho, and New Jersey).
• An attack on utilities:  This week, the Municipal Water Authority of Aliquippa reported it had been hit with a breach of its equipment, forcing it to operate some of its pumps in manual mode.
  • Health systems should plan for disruptions in the event a public utility is affected by a ransomware attack or another form of digital disruption.
• Notable :  Capital Health, a central New Jersey-based hospital provider, announced it was experiencing network outages it believed were related to a cyberattack.
  • The system said it was continuing to serve patients in its emergency rooms, practices, and all other locations as it worked to get its system back online.
  • The company has specialty and physician offices in Bucks County and is planning a micro-hospital in the area.
• A cyber warning:  The FDA’s Office of Information Security issued a warning this month about the Emotet ransomware group, which has been identified as one of the “world’s most dangerous malware” gangs that has historically attacked the health care sector.
  • A recent report indicated the health care sector faced dozens of cyberattacks every day, including increased targeting from Emotet.
• What you can do:  The Cybersecurity and Infrastructure Security Agency has a guide and other best practices to help health care organizations prepare and respond to these attacks.

For more information about health care cybersecurity, contact Jason Tomashunas, MS, CHEP, HAP manager, emergency management.

Members of the American Hospital Association (AHA) also are encouraged to avail themselves of the valuable expertise and experience of John Riggi, the AHA’s senior advisor for cybersecurity and risk.