Cascading impacts from attacks on interconnected
critical infrastructure sectors
such as communications and electricity “can be substantial.”
The healthcare sector and supporting critical infrastructure sectors “can no longer look at the challenges through just a cyber and/or physical lens but must consider all threats to operational resilience,” while the education sector suffers from equity issues reflected in reduced cyber protection capabilities in under-funded K-12 districts and colleges, experts told lawmakers.
“With the rise in digital health care, the proliferation of advances in technology and the efficiencies of connecting devices and data, the cyber threat surface in health care has ballooned and the threat actors have followed,” Health Information Sharing and Analysis Center (H-ISAC) President and CEO Denise Anderson, also representing the Health Sector Coordinating Council Cybersecurity Working Group, said at the hearing of the Senate Health, Education, Labor and Pensions Committee on May 18 to examine cyber threats to the healthcare and education sectors. “The focus has traditionally been on data and privacy, but if providers cannot deliver services or data is manipulated or destroyed patient lives can be at risk.”
Ransomware, she stressed, “has had a big impact on the health sector,” with Ryuk ransomware linked to more than 200 ransomware attacks impacting health facilities that inflicted revenue losses of nearly $100 million and remediation costs of $500 million.