HHS said the voluntary measures “will inform the creation of new enforceable cybersecurity standards,” department spokesperson Jeff Nesbit said in a statement.

“The recent cyberattack at Ascension only underscores the need for everyone in the health care ecosystem to do their part to secure their systems and protect patients,” Nesbit said.

Meanwhile, lobbyists for the hospital industry contend cybersecurity mandates or penalties are misplaced and would curtail hospitals’ resources to fend off attacks.

“Hospitals and health systems are not the primary source of cyber risk exposure facing the health care sector,” the American Hospital Association, the largest lobbying group for U.S. hospitals, said in an April statement prepared for U.S. House lawmakers. Most large data breaches that hit hospitals in 2023 originated with third-party “business associates” or other health entities, including CMS itself, the AHA statement said.

Hospitals consolidating into large multistate health systems face increased risk of data breaches and ransomware attacks, according to one study. Ascension in 2022 was the third-largest hospital chain in the U.S. by number of beds, according to the most recent data from the federal Agency for Healthcare Research and Quality.

And while cybersecurity regulations can quickly become outdated, they can at least make it clear that if health systems fail to implement basic protections there “should be consequences for that,” Jim Bagian, a former director of the National Center for Patient Safety at the Veterans Health Administration, told Michigan Public’s Stateside.

Patients can pay the price when lapses occur. Those in hospital care face a greater likelihood of death during a cyberattack, according to researchers at the University of Minnesota School of Public Health.

Workers concerned about patient safety at Ascension hospitals in Michigan have called for the company to make changes.

“We implore Ascension to recognize the internal problems that continue to plague its hospitals, both publicly and transparently,” said Dina Carlisle, a nurse and the president of the OPEIU Local 40 union, which represents nurses at Ascension Providence Rochester. At least 125 staff members at that Ascension hospital have signed a petition asking administrators to temporarily reduce elective surgeries and nonemergency patient admissions, like under the protocols many hospitals adopted early in the covid-19 pandemic.

Watson, the Kansas ICU nurse, said in late May that nurses had urged management to bring in more nurses to help manage the workflow. “Everything that we say has fallen on deaf ears,” she said.

“It is very hard to be a nurse at Ascension right now,” Watson said in late May. “It is very hard to be a patient at Ascension right now.”

____

©2024 KFF Health News. Distributed by Tribune Content Agency, LLC.