Healthcare Cybersecurity: Insights from Recent Hospital Cyber Attacks

On November 30, 2023, Capital Health fell victim to a cyber attack, resulting in network outages that disrupted their healthcare system in New Jersey. Promptly identifying the incident as a cybersecurity breach, Capital Health engaged law enforcement, cybersecurity experts, and forensic specialists to mitigate the impact.

Such cyber-attacks can have severe repercussions, affecting patient care and leading to disruptions in services. In Capital Health's case, outpatient radiology services became unavailable, medical appointments were rescheduled, and surgeries were prioritized based on urgency. These disruptions not only jeopardize patient care but also expose sensitive patient and financial data, potentially resulting in privacy breaches and legal consequences.

Financial losses are another significant consequence, with cyber-attacks often leading to class action lawsuits against affected healthcare organizations. Additionally, reputational damage can erode trust in healthcare institutions, prompting patients to seek services elsewhere due to concerns about the security of their data.

Actionable Insights for Hospital Administrators

To safeguard healthcare systems from cyber threats, hospital administrators should consider implementing the following measures:

  1. Regularly Update Software: Ensure that both operating systems and installed software are regularly updated to address security vulnerabilities.
  2. Update Firmware on IoT Devices: Regularly update firmware on Internet of Things (IoT) devices to prevent lateral movement by hackers within the network.
  3. Staff Training: Educate staff on cybersecurity best practices, emphasizing the risks associated with using personal devices on hospital networks.
  4. Access Controls: Implement strict access controls to prevent unauthorized access, including password sharing and common username usage.
  5. Cybersecurity Assessments: Conduct regular cybersecurity risk assessments to identify and address vulnerabilities proactively.
  6. Healthcare Cybersecurity: Encrypt sensitive data, especially electronic Protected Health Information (ePHI), to protect it from unauthorized access in case of a breach.
  7. Robust Backup and Recovery Plan: Ensure a comprehensive backup and recovery plan, including regular testing of backups to verify accessibility and reliability.
  8. Collaborate with Cybersecurity Experts: Establish partnerships with cybersecurity experts, law enforcement, and organizations like the FBI and CISA for ongoing threat intelligence and assistance during incidents.

The recent cyber attack on Capital Health serves as a stark reminder of the cybersecurity challenges faced by healthcare systems. By implementing these proactive measures, hospital administrators can strengthen their cybersecurity defenses and better protect their organizations from the evolving threats posed by cybercriminals. Stay vigilant, stay safe, and let's build a more secure healthcare environment together.