77°F
weather icon Clear
Las Vegas, NV
Nevada

Nevada’s Rosen aims to protect hospitals from Russian cyberattacks

Sen. Jacky Rosen, D-Nev., speaks on Capitol Hill in Washington in September 2021. (Stefani Reyn ...
Sen. Jacky Rosen, D-Nev., speaks on Capitol Hill in Washington in September 2021. (Stefani Reynolds/The New York Times via AP, Pool)
Sen. Bill Cassidy, R-La., speaks to reporters at the Capitol in Washington in August 2021. (AP ...
Sen. Bill Cassidy, R-La., speaks to reporters at the Capitol in Washington in August 2021. (AP Photo/J. Scott Applewhite)
More Stories
Clark County Registrar Lorena Portillo shows the Review-Journal how an electronic poll pad work ...
What signatures do county officials check when verifying your mail ballot?
Jay McCandless, left, and his wife Marijke McCandless, right, free climb a rock wall following ...
‘Free Solo’ climber Alex Honnold advocates for rock climbing bill
(AP Photo/M. Spencer Green)
Trump campaign mum on Nevada voter outreach efforts
From left to right: Sam Brown, Bill Conrad, Tony Grady and Jeff Gunter are just some of the can ...
2024 GOP Senate race: Where the candidates stand on the border
By / Las Vegas Review-Journal
March 24, 2022 - 9:00 am
 
Updated March 24, 2022 - 5:14 pm

Nevada Democratic Sen. Jacky Rosen and Republican Louisiana Sen. Bill Cassidy late Wednesday introduced bipartisan legislation aimed at protecting hospitals and the health care sector from potential Russian cyberattacks.

The Healthcare Cybersecurity Act would direct the Cybersecurity and Infrastructure Security Agency to collaborate with the Department of Health and Human Services to bolster cybersecurity in the health care and public health sector, according to Rosen’s office.

“Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes,” Rosen said in a statement. “This bipartisan bill will help strengthen cybersecurity protections and protect lives.”

The bill’s introduction comes after President Joe Biden and his administration earlier this week urged American companies to take immediate action to harden their cyber defenses “based on evolving intelligence that the Russian government is exploring options for potential cyberattacks.” According to a new POLITICO analysis of Health and Human Services data, nearly 50 million people in the U.S. had their sensitive health data breached in 2021, a threefold increase in just the last three years.

In addition to requiring collaboration between the federal agencies, the legislation would authorize cybersecurity training for healthcare and public health care entities on cybersecurity risks and ways to mitigate them.

It also would require the Cybersecurity and Infrastructure Security Agency to conduct a detailed study of specific risks and their impacts, challenges in updating information systems and cybersecurity workforce shortages.

The bill does not authorize any additional funding to implement these measures, said Joe Bush, Rosen’s press secretary.

Hospitals ‘under attack for years’

Cyberattacks on hospitals, including those in Southern Nevada, are not new.

“While the war in Ukraine may have elevated the threat level, the fact is that our hospitals have been under attack for years,” said Brett Callow, a threat analyst for cybersecurity firm Emsisoft. “And they still are under attack, with at least four having been hit by ransomware already this year.”

He said hospitals need to identify areas where they may not have implemented best practices and take corrective action as soon as possible.

“Unless we find ways to improve security in the healthcare sector, it’s only a matter of time before an attack costs somebody their life. In fact, that may already have happened,” Callow said in an email.

He pointed to a lawsuit alleging that a 2019 ransomware attack on Mobile, Ala.-based Springhill Medical Center resulted in a baby’s death.

The facility shut down its network for nearly eight days because of a ransomware attack. Patient records were inaccessible, and medical staff were cut off from equipment used to monitor fetal heartbeats, according to the Wall Street Journal.

The lawsuit was filed by the mother of an infant girl born with the umbilical cord wrapped around her neck, cutting off the supply of blood and oxygen. Normally, the condition triggers warning signs on a heart monitor.

The baby suffered severe brain damage and died nine months later.

Cyber attacks on local hospitals

The legislation was welcomed by Mason Van Houweling, CEO of University Medical Center in central Las Vegas.

“As a recent victim of a cybersecurity attack, we understand the importance of collaborating with various agencies to safeguard valuable information through education, mitigation and additional resources,” he said.

In June of last year, UMC confirmed a criminal data breach after a notorious hacker group began posting personal information purportedly obtained in a cyberattack.

UMC acknowledged that cybercriminals had accessed a server used to store data, including protected health information.

Universal Health Services, which operates Valley Health System hospitals in Southern Nevada, said it shut down its computer networks across the U.S. following a cyberattack on Sept. 27, 2020. It was two weeks before the computer networks were restored.

“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyber-attacks,” said Cassidy, the Louisiana senator and a physician. “This bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”

A previous version of this story incorrectly stated that the bill would be introduced Thursday.

Contact Mary Hynes at mhynes@reviewjournal.com or 702-383-0336. Follow @MaryHynes1 on Twitter.

MOST READ
1
Here’s how much a single adult needs to make to ‘live comfortably’ in Las Vegas
Here’s how much a single adult needs to make to ‘live comfortably’ in Las Vegas
2
Henderson boy with autism found in metal cage, parents arrested
Henderson boy with autism found in metal cage, parents arrested
3
Former homes of Las Vegas mobsters that have sold in recent years
Former homes of Las Vegas mobsters that have sold in recent years
4
$1.3M slots jackpot hits at Las Vegas airport
$1.3M slots jackpot hits at Las Vegas airport
5
Tropicana’s implosion set for fall, making way for A’s ballpark
Tropicana’s implosion set for fall, making way for A’s ballpark
THE LATEST
(AP Photo/M. Spencer Green)
Trump campaign mum on Nevada voter outreach efforts
By Jessica Hill / RJ

While the Biden campaign has opened multiple campaign offices in the Las Vegas Valley and held dozens of events, the Trump campaign declines to share its Nevada voter outreach strategy.