Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Info expected to emerge slowly in hospital chain cyberattack

Officials are continuing to decline to reveal new details surrounding an apparent cyberattack on one of the largest health systems in the U.S. It's a situation that security experts say often takes time to learn the full scope of the attack

Kathleen Foody,Kimberlee Kruesi
Friday 07 October 2022 20:34 EDT

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Details of an apparent cyberattack on one of the largest health systems in the U.S. were slow to emerge as security experts on Friday warned that it often takes time to assess the full impact on patients and hospitals.

Earlier this week, CommonSpirit Health confirmed it experienced an “IT security issue” but it has yet to answer detailed questions about the incident, including how many of its 1,000 care sites that serve 20 million Americans may have been affected. The health system giant, which is the second largest nonprofit health system in America, has 140 hospitals in 21 states.

“It actually takes a while to fully know the scope because you’re in the middle of trying to restore all your systems,” said Allan Liska, an analyst with the cybersecurity firm Recorded Future. “You’re trying to get patient care up and running. You’re trying to get your nurses and your doctors back to the systems they need.”

Healthcare organizations are an appealing target for cyber attackers — particularly those who use malware to lock up a victim organization's files and leverage the information for a payment. Ransomware has remained a persistent threat for the industry, which is among the 16 sectors the U.S. government classifies as critical infrastructure.

“Ransomware actors know that’s going to cause a lot of disruption,” Liska said.

Health care systems in 2021 saw an unusually high amount of attacks, with 285 publicly reported worldwide, Liska added. So far, Liska's firm has tracked 155 this year with an average of 20 attacks happening a month. However, he estimated that only about 10% of ransomware attacks are publicized.

Cybersecurity experts said years of work have built health care leaders' trust in the FBI and other federal agencies focused on cyber crime.

An FBI spokesperson declined to comment on whether they were investigating the CommonSpirit Health cyberattack.

John Riggi, the American Hospital Association's national advisor for cybersecurity and risk, said he could not discuss CommonSpirit specifically. In general, though, he said it can take days, weeks or more to discover how an attacker gained access, determine what damage has been done and prevent further harm.

Riggi, who spent nearly 30 years with the FBI, called any significant cyber attack on a hospital “a potential risk to patient safety" and said the U.S. government takes that seriously. Their goal, he said, is to identify the attacker and make their identity and methodology public.

“They don't want to show their hand, what they know about the bad guys,” he said. “You're really processing a crime scene in real time.”

But there are risks to victims of cyber attacks who fail to communicate their response plan and strategies for recovery, said Mike Hamilton, the chief information security officer with Critical Insights Cybersecurity in Washington state.

The reaction of patients, staff and affiliated health care operations to the chain's handling of the incident all could affect the company's future survival, he said.

"Here’s how close we are to resolution, here’s where we’re diverting, here are the other hospitals we’re partnering with," Hamilton said. “They need to be sure they’re communicating ... because so many people are being impacted by this.”

___

Kruesi reported from Nashville, Tenn.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in