[BreachExchange] Hospitals need to be better prepared for a cyberattack against the nation’s power grid

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jul 25 19:16:29 EDT 2017


http://www.fiercehealthcare.com/privacy-security/
hospitals-need-to-be-better-prepared-for-a-cyberattack-
against-nation-s-power-grid

Hospitals already have their hands full fighting off sector-specific
cyberattacks, but a new warning from researchers indicates the industry
needs to do more to prepare for the ripple effects of a cyberattack against
the nation’s power grid.

Like the healthcare industry, automation within utility systems has created
new cybersecurity vulnerabilities, raising the potential for large power
outages that could disrupt the country’s critical infrastructure.

The threat of a large-scale disruption to power means hospitals and state
regulators need to do more to ensure providers can maintain critical
functionality, according to a report published by the National Academies of
Sciences, Engineering, and Medicine.

“Given the nature of the system, there is simply no way that outages can be
completely avoided, no matter how much time and money is devoted to such an
effort,” the authors wrote. “The system’s reliability and resilience can be
improved but never made perfect.”

The report highlighted specific concerns regarding backup generators at
hospitals and called on state regulators to perform “more regular and
systematic testing.” Researchers noted that failure rates among hospital
backup generators are 10 times that of the nuclear industry.

Recent global ransomware attacks have locked down healthcare systems in the
U.S. and the U.K., but an attack on regional power grids could create
broader disruptions to hospital operations.

A report from the Robert Woods Johnson Foundation indicated the healthcare
industry is making slow progress when it comes to emergency preparedness,
even as hospitals are still overlooking issues tied to a mass casualty.
Although hospitals typically have plans for backup power in a natural
disaster, a cyberattack on the country’s power infrastructure could create
new complications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170725/40c6828b/attachment.html>


More information about the BreachExchange mailing list