Summary: ECRI reports an increase in ransomware attacks targeting healthcare through remote access systems, disrupting operations and compromising patient data. Recommendations include securing remote systems, conducting regular security audits, and developing comprehensive incident response plans.


Key Takeaways:

  • Enhanced Security Measures: Secure remote access systems and perform regular updates and vulnerability scans.
  • Incident Response Planning: Establish detailed contingency and recovery plans for ransomware attacks.
  • Legal and Preventative Strategies: Maintain backups and consult legal counsel in case of breaches, emphasizing the risks of ransom payment.

Ransomware attacks are increasingly exploiting remote access systems at healthcare facilities, causing disruption to critical hospital operations and patient care, according to a new report from ECRI.

Widespread Remote Access and Associated Risks

Hospitals commonly provide remote network access to a range of users including hybrid or remote staff, physicians, and vendors involved in financial operations or system maintenance. These entry points, if not sufficiently secured, offer attackers opportunities to infiltrate and navigate hospital networks extensively.

“The consequences of these attacks can be devastating: vital medical records held hostage, treatment plans in disarray, and potentially deadly delays in care,” said Marcus Schabacker, MD, PhD, president and CEO of ECRI. “Each unchecked vulnerability is a threat to patient safety. To grow complacent about cybersecurity in healthcare is to play fast and loose with patients’ lives.”

Recommendations for Mitigating Ransomware Risks

ECRI’s report outlines strategies for healthcare facilities to fortify their defenses against ransomware through proper remote access management. Key recommendations from the report include:

  • Secure Configuration and Updates: Ensure remote access systems and VPNs are securely configured and regularly updated.
  • Vulnerability Scans: Utilize available resources such as the free vulnerability scanning services provided by the Cybersecurity & Infrastructure Security Agency (CISA) to identify security gaps.
  • Audit and Remediation: Regularly check systems against the CISA Known Exploited Vulnerabilities catalog and prioritize fixing identified issues.

“Although we’re seeing an uptick in ransomware that targets remote access, this threat is not new,” said Schabacker. “ECRI has called out cybersecurity issues in our annual top ten hazards list every year since 2018 – with hackers exploiting remote access topping the list in 2019. It’s alarming that the issue has only worsened in the years since.”

Incident Response Strategies

The report also stresses the importance of developing comprehensive incident response strategies, including:

  • Establishing clear procedures for operating without electronic medical records and other networked systems.
  • Identifying contacts within law enforcement and primary vendor support for both clinical and IT emergencies.
  • Maintaining effective backup systems and routinely testing these backups to ensure quick recovery in case of an attack.

ECRI’s complete report, available to members, documents recent high-profile ransomware incidents, underscoring the growing threat to the healthcare industry and the critical need for improved cybersecurity measures.