SEATTLE — When the Fred Hutchinson Cancer Center suffered a cyber attack late last year, exposing the personal data of nearly 1 million patients, many were caught off guard, and many were surprised that such a large, well-resourced organization I was stunned that a breach could enter a healthcare organization.
But those involved in computer security weren't surprised. Other hospitals and medical facilities across the country have been hit by similar attacks in recent years, in some cases shutting down entire systems, delaying patient treatments and tests and diverting ambulances to other emergency rooms. There have also been cases where this is the case.
Federal and local cybersecurity experts say cyberattacks of all kinds have plagued large businesses, small businesses and individuals in recent decades, but in recent years healthcare has become the No. 1 target. . These organizations hold large amounts of patient data, including medical records, financial information, social security numbers, names, and addresses. Also, since these companies are among the few that are open 24/7, they are more likely to prioritize avoiding disruption and are therefore more likely to pay ransoms to hackers.
“It's basically a one-stop shop for adversaries,” said Chris Callahan, cybersecurity director for the federal Cybersecurity and Infrastructure Security Agency's Northwest region. The agency, part of the U.S. Department of Homeland Security, which also works to protect against government and election hacking, has recently made health care one of its most urgent priorities, along with K-12 education and water supplies. It's surfacing, Callahan said. .
