Weekly Checkup
May 28, 2021
Health Care and the Building Cyber-Security Crisis
Last week the Government Accountability Office published a report on cyber insurance, finding that demand for cyber insurance is growing in the health care industry. At the same time, however, “insurer appetite and capacity for underwriting cyber risk has contracted…especially in certain high-risk industry sectors such as health care.” Increasing cyberattacks on health care companies paired with growing demand for expanded telehealth services mean that health care policy conversations will increasingly need to focus on data security.
In late April, cancer treatments for some U.S. cancer patients were disrupted when the Swedish-based Elekta—a company that provides precision cancer radiation treatment systems—had to take down its cloud system amid a data breach. While details on the type of breach have not been made public, at least 42 U.S. cancer centers had to delay scheduled treatments while the cyberattack was addressed. In early May, the San Diego-based Scripps Health hospital system experienced a cyberattack that is still impacting its operations. Details on the type of attack have again been withheld, but in the immediate aftermath, patient appointments were postponed and emergency patients were diverted. In another incident, last week the Alaska Department of Health and Social Services had to take down its website after a malware attack, disrupting access to a number of state services.
Cyberattacks have not been limited to the United States, either. Ireland’s Department of Health has experienced two ransomware attacks in recent days, significantly disrupting the nation’s government-run health care system. And in New Zealand this week, hackers stole patient records from the Waikato District Health Board—which serves 425,000 Kiwis—and released it to the media. All of these attacks have occurred in just the last month; looking back to last year, there are too many incidents to recount.
Overall, the threat seems to have increased during the COVID-19 pandemic. According to one report, there were 92 specific ransomware attacks impacting U.S. health companies and providers and impacting more than 18 million patient records in 2020 alone. All told these attacks are estimated to have cost the health care industry $20.8 billion in 2020. Another recent report found that ransomware attacks targeting the U.S. health industry increase 123 percent from 2019 to 2020.
There are a lot of reasons why health care companies and providers face a unique threat from cyber-attackers. For one, the data these companies hold are worth a fortune. Patient records provide a treasure trove for identity thieves, and that’s not considering the potential for blackmail and ransom demands related to personal health information. But health care providers are also uniquely at risk. Medical devices are increasingly connected and do not have the same levels of security that devices such as computers and even smartphones have. Further, health care workers are simply not well trained to be aware of cyber threats. And health systems often have outdated networks, making them even more vulnerable to attack. In short, health systems provide a unique combination of a wealth of data and insufficient security frameworks.
One positive of the COVID-19 pandemic has been the rise of telemedicine with its opportunities for both savings and patient convenience. But if policymakers want to build on the opportunities for expanded telemedicine post-pandemic, they’re also going to have to make serious efforts at addressing cyber-security in health care.
Video: The Effect of H.R. 3 on Drug Prices and Innovation
AAF’s Director of Health Care Policy Christopher Holt explains why Democrats’ proposed drug-pricing legislation, H.R. 3, will restrict drug availability and innovation.
From Team Health
Video: The Current State of Public Health Relations
Christopher Holt discusses the recent fall in confidence in public health officials amid the COVID-19 pandemic.
Tracking COVID-19 Cases and Vaccinations
Jackson Hammond, Health Care Policy Analyst
To track the progress in vaccinations, the Weekly Checkup will compile the most relevant statistics for the week, with the seven-day period ending on the Wednesday of each week.
| Week Ending: | New COVID-19 Cases: 7-day average |
Newly Fully Vaccinated: 7-Day Average |
Daily Deaths: 7-Day Average |
|
May 26, 2021 |
21,627 |
565,410 |
437 |
|
May 19, 2021 |
27,818 |
975,023 |
504 |
|
May 12, 2021 |
34,468 |
1,179,683 |
569 |
|
May 5, 2021 |
45,657 |
1,380,349 |
611 |
|
April 28, 2021 |
51,847 |
1,417,848 |
634 |
|
April 21, 2021 |
60,849 |
1,463,671 |
664 |
|
April 14, 2021 |
67,772 |
1,712,577 |
665 |
|
April 7, 2021 |
63,772 |
1,550,441 |
586 |
|
March 31, 2021 |
63,657 |
1,353,953 |
725 |
|
March 24, 2021 |
57,355 |
953,497 |
734 |
|
March 17, 2021 |
52,708 |
1,014,026 |
890 |
|
March 10, 2021 |
54,107 |
945,467 |
1,166 |
|
March 3, 2021 |
61,147 |
902,095 |
1,439 |
|
February 24, 2021 |
64,630 |
835,637 |
1,802 |
|
February 17, 2021 |
74,218 |
736,664 |
1,941 |
|
February 10, 2021 |
99,151 |
692,608 |
2,417 |
|
February 3, 2021 |
129,840 |
477,719 |
2,703 |
|
January 27, 2021 |
156,744 |
332,246 |
3,137 |
Sources: Centers for Disease Control and Prevention Trends in COVID-19 Cases and Deaths in the US, and Trends in COVID-19 Vaccinations in the US
Note: The U.S. population is 332,364,254.
Worth a Look
The Hill: Google, hospital chain partner in push to boost efficiency
Axios: A faster way to track COVID variants
