Comey to hospitals: Paying ransoms is a big mistake

While meeting demands set by cybercriminals may solve the problem short-term, the FBI director tells hospitals it will come back to haunt them.
By Mike Miliard
02:40 PM

While reports show some hospitals are choosing to pay ransoms to gain back access to their systems, FBI Director James Comey told the American Hospital Association on Monday that doing so only makes the problem worse.

"I understand that instinct, but it is horribly short-sighted," he said at the AHA's Annual Membership Meeting in Washington, D.C. "The idea that this will go away … is foolish. It will be back to you, it will be back to your clients, it will be back to your supply chain, it will be back to your industry."

A 2016 study by Healthcare IT News and HIMSS Analytics found that about half of hospitals polled are unsure if they would pay the ransom if their systems were compromised by cybercriminals. But about 5 percent said they actually would pay.


Comey told AHA leadership that better information sharing between federal law enforcement and private-sector healthcare organizations is essential for more robust cybersecurity protections. He also said more extensive collaboration between the feds and the private sector to manage the many threats to hospital information networks is needed, according to Politico.

"A vast majority of intrusions are not shared with law enforcement," Politico quoted Comey as saying. He said a simple heads-up from a just-hacked healthcare organization could go a long way toward better security industry-wide.

"We don't need memos, we don't need patient histories," he said, just an alert that a network has been breached.

Twitter: @MikeMiliardHITN