Among the many impacts of the ongoing government shutdown could be an increased cybersecurity threat to hospitals nationwide, especially smaller facilities that rely on government resources.
The longer the shutdown continues, the greater the danger of ransomware attacks and delayed cyber alerts, which could threaten patient safety or potentially impact the delivery of some health system services, according to an Oct. 8 blog post by 3B Healthcare.
With the legislation lapsed, some lawmakers and security analysts are concerned that a crucial pipeline of threat intelligence information will slow dramatically, Fox wrote, putting many health systems and other organizations partly in the dark against quickly evolving cybersecurity threats. For example, some companies may avoid sharing information without the protections offered by CISA 2015. However, threats can be reported anonymously to the Health Information Sharing and Analysis Center (Health-ISAC), a nonprofit organization that shares information about threat intelligence and best practices with health care organizations.
With the number of ransomware incidents continuing to increase, the shutdown could make some health care facilities, especially smaller ones, more vulnerable to cyberattacks, Errol Weiss, chief security officer at Health-ISAC, told BankInfoSecurity in early October.
“Smaller hospitals and clinics often rely on free federal resources like CISA’s Cyber Hygiene scanning service. These organizations lack the extensive in-house cyber staff and budget of larger hospital systems,” he said.
Medical device manufacturers and health IT providers can also be at risk, as they, too, depend on federal agencies for regulatory guidance and information about patches that need to be installed to continue protecting their devices and products, the article said. Meanwhile, health care organizations are being encouraged to contact their product vendors, colleagues or the Health-ISAC for any news about cyber threats and product support.
