submitted 11 months ago by MicroWave@lemmy.world to c/news@lemmy.world

Hospitals in at least three states are diverting patients from their emergency rooms after a major cyberattack hit their parent company last week.

Ardent Health Services, which oversees 30 hospitals across the U.S., said Monday that it had been the victim of a severe ransomware attack in Oklahoma, New Mexico and Texas, forcing it to take action.

[-] FlyingSquid@lemmy.world 44 points 11 months ago

Ardent Health Services

Passing the cost of the ransom to your insurance company who will pass it on to you when they raise your rates to help cover it.

Don't you love a for-profit healthcare system?

[-] solidgrue@lemmy.world 17 points 11 months ago* (last edited 11 months ago)

It actually doesn't work like that. It's very likely Ardent have an underwriter for cyber insurance that will cover the costs of closing the breach and recovering data. Ardent will be accountable to some state or federal Office of Civil Rights for fines related to any data disclosure occurring as a result of the breach. Ardent can't pass the costs on to healthcare insurers, or those carriers will drop Ardent facilities from their provider networks. Patients are unlikely to see increases in their healthcare costs as a result of this breach.

The healthcare industry is indeed a proper mess, and its for-profit nature is rife with conflicts of interest. Their IT organizations are indeed chronically understaffed and underfunded, but there is still regulatory diligence that must be maintained or states will revoke certifications and licenses to practice.

Source: I work in a healthcare adjacent organization, and have supported cleaning up breaches in healthcare. I know folks across several IT provider networks' teams. They are generally competent, engaged and reasonably savvy about things. Of course there are exceptions and not all shops are the same, but from my experience IT in healthcare is generally competent. Usually these things are the result of a practitioner or hospital admin getting spear phished.

[-] Frog-Brawler@kbin.social 9 points 11 months ago

To add on to your point, if they were paying for a full staff of competent IT operations and security, there’s a solid chance this would have probably not happened in the first place.

[-] commandar@lemmy.world 13 points 11 months ago* (last edited 11 months ago)

Healthcare is consistently the most targeted industry for these types of attacks and it's an industry where both vendors have traditionally had very lax security postures and where IT tends to be severely understaffed and underfunded since executives have viewed it as a non-core cost center.

In reality, hospitals are extremely data heavy organizations these days, but the people running them have been extremely slow to recognize and embrace this fact. It's going to take a very long time for most healthcare organizations to get up to modern security standards and practices.

[-] Frog-Brawler@kbin.social 3 points 11 months ago

If only there was a way to take healthcare out of the hands of for profit institutions… 🤔

[-] Grinning@lemmynsfw.com 3 points 11 months ago

These attacks have been going on for years and many hospitals have had to shut down or divert for this reason in the last few years. Homeland security has directed them all to clamp down on security and the FBI and NSA are working with them to determine who is behind the attacks and how to defend.

[-] FlyingSquid@lemmy.world 3 points 11 months ago

Then they would have to charge $100 for a band-aid instead of $50

[-] Kbobabob@lemmy.world 3 points 11 months ago

Then they would have to charge $100 for a band-aid instead of $50

Wouldn't this just cost the insurance company more?

[-] FlyingSquid@lemmy.world 1 points 11 months ago

They don't care.

[-] stratoscaster@lemmy.zip 1 points 11 months ago

The biggest companies on the planet suffer from cyber attacks.

[-] Frog-Brawler@kbin.social 1 points 11 months ago

Indeed. A lot of the bigger companies are able to successfully mitigate a ton of those attacks. Healthcare again and again fails at most things IT related however. There’s a very discernible pattern.

[-] corsicanguppy@lemmy.ca 5 points 11 months ago

for-profit healthcare system

Mercenary. I think that's actually 'mercenary' healthcare.

[-] Amends1782@lemmy.ca 2 points 11 months ago

But but but muh wait times!!

this post was submitted on 28 Nov 2023
166 points (100.0% liked)
