In recent years, cyberattacks targeting hospitals and healthcare systems have been increasing at an alarming rate, highlighting major vulnerabilities in the cyber defenses of the sector. These attacks have wide-ranging impacts on patient treatment, safety, and sensitive medical data. Two recent incidents at hospitals in New York underscore the disruptions and risks caused by the rise in cyber threats.

Just this month, Margaretville Hospital and HealthAlliance Hospital in New York suffered a cyberattack that forced them to completely shut down their IT systems. With systems locked down, the hospitals had to divert ambulances and discharge current patients to other facilities. This mirrors an incident in August where a cyberattack affected hospitals in five states, also prompting systemwide computer shutdowns.

These attacks contribute to an overall trend of cybercriminals aggressively taking aim at healthcare organizations. According to FBI data, the agency was investigating around 100 cyber incidents targeting the healthcare sector in 2021 alone. Many of these involve ransomware, where attackers encrypt systems and demand payment to decrypt them. Across the industry, 45 million patient records were breached in 2021, up 55% from the previous year.

Hospitals and clinics make attractive targets due to the sensitive medical data they house and the critical nature of their services. Patient treatment frequently ends up affected. In two high-profile cases, hospitals had to close their emergency rooms and divert patients due to cyberattacks. In one incident, a diverted patient died as the increased distance to the alternate hospital delayed treatment.

Beyond immediate risks from diversions and shutdowns, cyberattacks cause appointment cancellations, treatment delays, administrative disruptions, and lost access to patient data. The average healthcare organization now spends over $3.5 million annually on cybersecurity. However, antiquated systems containing gaps in security remain common. Tighter regulations have been proposed to push healthcare systems to modernize defenses.

Cybercriminals are growing more sophisticated as security measures lag behind. Until cybersecurity is elevated to match current threats, patients remain at risk from attacks exploiting vulnerable healthcare institutions. Hospitals and clinics still have widespread work to do beefing up their protections, assessing risks, updating systems, and training staff. Otherwise these attacks will persist, jeopardizing patient health through treatment disruptions, data loss, and safety risks.

In a hybrid work world, an effective balance between flexibility, productivity, and robust cybersecurity measures is crucial. Without it, businesses face a ticking time bomb of security threats. As businesses continue to navigate the challenges of the hybrid work model, partnership with a skilled MSP is no longer a luxury but a necessity to stay secure and in business. Protecting yourself is getting tougher but must be done to keep your business or government agency, school, state, city, etc. running. Ask the Hybrid Work Experts at Apex Technology Services about how they can help your organization stay secure.