Hospitals and Power Grid Attacks: Experts Urge Better Preparedness

It’s fairly common knowledge that the number of large-scale health care data breaches has been on the rise in recent years, often dominating headlines and causing concern in the health care community. This spring, too, saw the “WannaCry” ransomware attack cause widespread disruption in the U.S. and United Kingdom, including in some hospitals. Now, experts at the National Academies of Science, Engineering, and Medicine are urging hospitals and other organizations to prepare for another potential challenge: a cyberattack on the nation’s power grid. As Fierce Healthcare first reported, the authors of a new report entitled “Enhancing the Resilience of the Nation’s Electricity System” identified vulnerabilities in the United States power grid, while also offering advice on preparedness.

The report’s authors note that preparedness, rather than outright prevention, should be organizations’ focus. “Given the nature of the system, there is simply no way that outages can be completely avoided, no matter how much time and money is devoted to such an effort,” they explain. “The system’s reliability and resilience can be improved but never made perfect.” One of the reasons for the system’s increased vulnerability in recent years is the rise of automation in high-voltage systems. While this “allows the system to operate more efficiently” and can increase reliability, “this added complexity can also introduce cybersecurity vulnerabilities.” In the case of hospitals, this means not taking backup generators for granted; indeed, the authors point to the failure of numerous hospital backup generators during Hurricane Sandy in 2012 in calling for “more regular and systematic testing” of the devices.

What, then, can hospitals and other organizations do to improve their chances in the event of a power grid attack? The authors offer a series of recommendations for government officials, regulators, and private organizations. Among them: Public-private partnerships to improve infrastructure in the event of a grid failure. “Public and private parties should…improve their ability to maintain and restore critical services—such as power for hospitals, first responders, water supply and sewage systems, and communication systems.” They also urge public-private “cyber monitoring” partnerships, and advise that various entities partner to perform regular “regional emergency preparedness exercises,” including simulations. In addition, they suggest the better sharing of best practices regarding “resilience-enhancing technical capabilities” among system operators and regulators.

Click here to read the Fierce Healthcare article on preparedness for power grid attacks.

Click here to read the National Academies report on potential power grid attacks.


Leave a Reply