The hack that shut down the Colonial Pipeline has most Americans worried about threats to the nation’s computer network. According to a recent survey by Rasmussen Reports, 85 percent of Americans are at least “somewhat concerned” about the safety of the nation’s computer infrastructure.
Their concerns are not idle ones—they exist across vital sectors of the economy. Over the last decade, the health care industry has become increasingly vulnerable to ransomware attacks like the one we’ve just been through in the energy sector. Experts have been raising the alarm but thus far their warning cries have not received the attention they deserve.
That needs to change. Policymakers need to pay attention as these kinds of attacks become more frequent and more expensive. According to a study conducted by Comparitech, in 2020 alone 92 individual ransomware attacks occurred that cost an estimated $20 billion and affected over 600 separate clinics, hospitals and organizations and more than 18 million patient records.
Health care systems rely more and more on devices that use network-integrated software components. These machines—MRI machines, CT scanners and the like—are a vital part of 21st century health care. We cannot do without them so we must take steps to ensure they cannot be hacked. Unfortunately, despite growing vulnerabilities, hospitals and other providers are allowing cost concerns to create a serious security gap that could further jeopardize the integrity of certain medical devices, as well as health systems more broadly: third-party medical device servicing activities.
Online infrastructure must be protected from hackers who can cause life-saving technologies to crash with the push of a button. These technologies are essential to diagnostic and therapeutic services and for patient care. People literally cannot live without them yet it’s not clear they are being protected, especially when they need to be repaired. Problematically, these vulnerabilities are being studied just as…