Why are hospitals vulnerable to cyberattacks? St. Agnes Hospital reacts to "mini-disaster status"
BALTIMORE -- Ascension St. Agnes Hospital says it reacted quickly following a cyberattack on its computer systems that forced the facility to stop admitting new patients to the emergency room.
The hospital says it detected "unusual activity" on Wednesday.
The Maryland Emergency Medical Services System, which monitors hospitals across the state, placed St. Agnes in mini-disaster status, meaning new patients to the emergency room were rerouted to other hospitals.
"These days, every organization needs to be prepared for a cyberattack because it's not really a question of if, but when," said Markus Rauschecker, head of the Cybersecurity Program at the University of Maryland Baltimore.
Ascension St. Agnes officials say they are still assessing the scope of the attack.
"Most organizations, such as hospitals because they understand they are at such high risk there, do have those plans in place," Rauschecker said.
What is a mini-disaster status?
St. Agnes is no longer in mini-disaster status and no longer rerouting patients.
"When a hospital puts a stop admitting new patients, they tend to have the plans in place to implement so that the current patient care isn't jeopardized," Rauschecker said.
Why are hospitals popular cyberattack targets?
How vulnerable are some of these institutions?
"Hospitals and healthcare providers are the prime targets for cybercriminals these days," Rauschecker said. "I think, first and foremost, is the fact that hospitals and healthcare providers have a lot of sensitive information. They have patient files and health insurance information. That's a lot of valuable information that cybercriminals are trying to get their hands on."
Ascension St. Agnes told WJZ in a statement, "Our care teams are trained for these kinds of disruptions and have initiated procedures to ensure patient care delivery continues to be safe and as minimally impacted as possible. There has been a disruption to clinical operations, and we continue to assess the impact and duration of the disruption."
"It's a huge issue, a huge problem," Rauschecker said. "The cybercriminals are getting smarter all the time. They know what they're after, and it's really tough to defend against.
Recent cyberattacks
MedStar faced a ransomware attack in 2016.
However, hospitals aren't the only cyberattack targets. Baltimore City's computers were attacked in 2019, and Baltimore County Public Schools were victims in 2020, leading to concern in the General Assembly.
Top intelligence officials testified before Congress last week that targets across the United States are more vulnerable than ever.
"In virtually all of the attacks that we've seen against U.S. critical infrastructure, cyber actors took advantage of default or weak passwords, unpatched known vulnerabilities and poorly secured network connections to launch relatively simple attacks," said Avril Haines, Director of National Intelligence.