Hospitals in at least three states are diverting patients from their emergency rooms after a major cyberattack hit their parent company last week.
Ardent Health Services, which oversees 30 hospitals across the U.S., said Monday that it had been the victim of a severe ransomware attack in Oklahoma, News Mexico and Texas, forcing it to take action.
Ardent Health Services
Passing the cost of the ransom to your insurance company who will pass it on to you when they raise your rates to help cover it.
Don’t you love a for-profit healthcare system?
It actually doesn’t work like that. It’s very likely Ardent have an underwriter for cyber insurance that will cover the costs of closing the breach and recovering data. Ardent will be accountable to some state or federal Office of Civil Rights for fines related to any data disclosure occurring as a result of the breach. Ardent can’t pass the costs on to healthcare insurers, or those carriers will drop Ardent facilities from their provider networks. Patients are unlikely to see increases in their healthcare costs as a result of this breach.
The healthcare industry is indeed a proper mess, and its for-profit nature is rife with conflicts of interest. Their IT organizations are indeed chronically understaffed and underfunded, but there is still regulatory diligence that must be maintained or states will revoke certifications and licenses to practice.
Source: I work in a healthcare adjacent organization, and have supported cleaning up breaches in healthcare. I know folks across several IT provider networks’ teams. They are generally competent, engaged and reasonably savvy about things. Of course there are exceptions and not all shops are the same, but from my experience IT in healthcare is generally competent. Usually these things are the result of a practitioner or hospital admin getting spear phished.
To add on to your point, if they were paying for a full staff of competent IT operations and security, there’s a solid chance this would have probably not happened in the first place.
Healthcare is consistently the most targeted industry for these types of attacks and it’s an industry where both vendors have traditionally had very lax security postures and where IT tends to be severely understaffed and underfunded since executives have viewed it as a non-core cost center.
In reality, hospitals are extremely data heavy organizations these days, but the people running them have been extremely slow to recognize and embrace this fact. It’s going to take a very long time for most healthcare organizations to get up to modern security standards and practices.
If only there was a way to take healthcare out of the hands of for profit institutions… 🤔
These attacks have been going on for years and many hospitals have had to shut down or divert for this reason in the last few years. Homeland security has directed them all to clamp down on security and the FBI and NSA are working with them to determine who is behind the attacks and how to defend.
Then they would have to charge $100 for a band-aid instead of $50
Then they would have to charge $100 for a band-aid instead of $50
Wouldn’t this just cost the insurance company more?
They don’t care.
The biggest companies on the planet suffer from cyber attacks.
Indeed. A lot of the bigger companies are able to successfully mitigate a ton of those attacks. Healthcare again and again fails at most things IT related however. There’s a very discernible pattern.
Removed by mod
But but but muh wait times!!