Hospitals in at least three states are diverting patients from their emergency rooms after a major cyberattack hit their parent company last week.

Ardent Health Services, which oversees 30 hospitals across the U.S., said Monday that it had been the victim of a severe ransomware attack in Oklahoma, News Mexico and Texas, forcing it to take action.

  • Flying Squid@lemmy.world
    link
    fedilink
    arrow-up
    50
    arrow-down
    6
    ·
    11 months ago

    Ardent Health Services

    Passing the cost of the ransom to your insurance company who will pass it on to you when they raise your rates to help cover it.

    Don’t you love a for-profit healthcare system?

    • SolidGrue@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      edit-2
      11 months ago

      It actually doesn’t work like that. It’s very likely Ardent have an underwriter for cyber insurance that will cover the costs of closing the breach and recovering data. Ardent will be accountable to some state or federal Office of Civil Rights for fines related to any data disclosure occurring as a result of the breach. Ardent can’t pass the costs on to healthcare insurers, or those carriers will drop Ardent facilities from their provider networks. Patients are unlikely to see increases in their healthcare costs as a result of this breach.

      The healthcare industry is indeed a proper mess, and its for-profit nature is rife with conflicts of interest. Their IT organizations are indeed chronically understaffed and underfunded, but there is still regulatory diligence that must be maintained or states will revoke certifications and licenses to practice.

      Source: I work in a healthcare adjacent organization, and have supported cleaning up breaches in healthcare. I know folks across several IT provider networks’ teams. They are generally competent, engaged and reasonably savvy about things. Of course there are exceptions and not all shops are the same, but from my experience IT in healthcare is generally competent. Usually these things are the result of a practitioner or hospital admin getting spear phished.

    • Frog-Brawler@kbin.social
      link
      fedilink
      arrow-up
      9
      ·
      11 months ago

      To add on to your point, if they were paying for a full staff of competent IT operations and security, there’s a solid chance this would have probably not happened in the first place.

      • commandar@lemmy.world
        link
        fedilink
        arrow-up
        13
        ·
        edit-2
        11 months ago

        Healthcare is consistently the most targeted industry for these types of attacks and it’s an industry where both vendors have traditionally had very lax security postures and where IT tends to be severely understaffed and underfunded since executives have viewed it as a non-core cost center.

        In reality, hospitals are extremely data heavy organizations these days, but the people running them have been extremely slow to recognize and embrace this fact. It’s going to take a very long time for most healthcare organizations to get up to modern security standards and practices.

      • Grinning@lemmynsfw.com
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        These attacks have been going on for years and many hospitals have had to shut down or divert for this reason in the last few years. Homeland security has directed them all to clamp down on security and the FBI and NSA are working with them to determine who is behind the attacks and how to defend.

        • Frog-Brawler@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          Indeed. A lot of the bigger companies are able to successfully mitigate a ton of those attacks. Healthcare again and again fails at most things IT related however. There’s a very discernible pattern.