While reports show some hospitals are choosing to pay ransoms to regain access to their systems, FBI Director James Comey told the American Hospital Association on Monday that doing so only makes the problem worse.
“I understand that instinct, but it is horribly short-sighted,” he said at the AHA’s Annual Membership Meeting in Washington, D.C. “The idea that this will go away … is foolish. It will be back to you, it will be back to your clients, it will be back to your supply chain, it will be back to your industry.”
A 2016 study by Healthcare IT News and HIMSS Analytics found that about half of hospitals polled are unsure if they would pay the ransom if their systems were compromised by cybercriminals. But about 5 percent said they actually would pay.
Comey told AHA leadership that better information sharing between federal law enforcement and private-sector healthcare organizations is essential for more robust cybersecurity protections. He also said more extensive collaboration between the feds and the private sector is needed to manage the many threats to hospital information networks, according to Politico.
“A vast majority of intrusions are not shared with law enforcement,” Politico quoted Comey as saying. He said a simple heads-up from a just-hacked healthcare organization could go a long way toward better security industry-wide.
“We don’t need memos, we don’t need patient histories,” he said, just an alert that a network has been breached.