Emergency rooms in at least 3 states diverting patients after ransomware attack

www.nbcnews.com

Hospitals in at least three states are diverting patients from their emergency rooms after a major cyberattack hit their parent company last week.
Ardent Health Services, which oversees 30 hospitals across the U.S., said Monday that it had been the victim of a severe ransomware attack in Oklahoma, New Mexico and Texas, forcing it to take action.
Passing the cost of the ransom to your insurance company who will pass it on to you when they raise your rates to help cover it.
Don't you love a for-profit healthcare system?
It actually doesn't work like that. It's very likely Ardent have an underwriter for cyber insurance that will cover the costs of closing the breach and recovering data. Ardent will be accountable to some state or federal Office of Civil Rights for fines related to any data disclosure occurring as a result of the breach. Ardent can't pass the costs on to healthcare insurers, or those carriers will drop Ardent facilities from their provider networks. Patients are unlikely to see increases in their healthcare costs as a result of this breach.
The healthcare industry is indeed a proper mess, and its for-profit nature is rife with conflicts of interest. Their IT organizations are indeed chronically understaffed and underfunded, but there is still regulatory diligence that must be maintained or states will revoke certifications and licenses to practice.
Source: I work in a healthcare adjacent organization, and have supported cleaning up breaches in healthcare. I know folks across several IT provider networks' teams. They are generally competent, engaged and reasonably savvy about things. Of course there are exceptions and not all shops are the same, but from my experience IT in healthcare is generally competent. Usually these things are the result of a practitioner or hospital admin getting spear phished.
To add on to your point, if they were paying for a full staff of competent IT operations and security, there’s a solid chance this would have probably not happened in the first place.
Healthcare is consistently the most targeted industry for these types of attacks and it's an industry where both vendors have traditionally had very lax security postures and where IT tends to be severely understaffed and underfunded since executives have viewed it as a non-core cost center.
In reality, hospitals are extremely data heavy organizations these days, but the people running them have been extremely slow to recognize and embrace this fact. It's going to take a very long time for most healthcare organizations to get up to modern security standards and practices.
Then they would have to charge $100 for a band-aid instead of $50
The biggest companies on the planet suffer from cyber attacks.
Mercenary. I think that's actually 'mercenary' healthcare.