• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

2

Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster

3

Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place

1

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

2

Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster

3

Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
CommentaryCybersecurity

The hacker ‘ceasefire’ with hospitals is over—and that should terrify us

By
Peter J. Beshar
Peter J. Beshar
and
Jane Holl Lute
Jane Holl Lute
Down Arrow Button Icon
By
Peter J. Beshar
Peter J. Beshar
and
Jane Holl Lute
Jane Holl Lute
Down Arrow Button Icon
December 9, 2020, 3:00 PM ET
Hospitals Cybersecurity Covid19
Hackers are no longer honoring the “ceasefire” to not use ransomware on hospitals during the COVID-19 crisis, write Peter J. Beshar and Jane Holl Lute.Win McNamee—Getty Images
Add Fortune on Google for similar content.

In the early days of the pandemic, cyber hackers hinted at a sort of honor code among thieves. Prominent hacking groups like Maze declared that no attacks would be launched against medical organizations until “the stabilization of the situation with the virus.” Other hackers offered free decoder keys if a hospital was inadvertently impacted by a ransomware attack.

If this purported ceasefire was ever real, it is now a distant memory. In an unprecedented joint bulletin, the FBI, Department of Homeland Security (DHS), and Department of Health and Human Services recently warned of a “credible” and “imminent” ransomware attack against U.S. hospital networks.

Hospitals may not seem like ideal targets for cyberattackers, but two factors are making them more valuable and vulnerable than ever. The first is that COVID-19 hospitalizations are spiking as never before. Earlier this week, the U.S. exceeded 100,000 daily hospitalizations due to COVID, breaking a series of earlier records—including those that were set in April during the pandemic’s first wave. 

At the same time, hospital systems have expanded dramatically. In the past decade there have been more than 680 mergers of hospital systems, creating sprawling networks that span hundreds of hospitals and tens of thousands of physicians. The goal of this industry consolidation was undoubtedly efficiency. Yet increased connectivity across disparate IT systems has introduced a systemic risk to a vital piece of our nation’s infrastructure. 

If a ransomware attack disabled the operations of dozens of hospitals at this moment of maximum vulnerability, the impact would be profound. As health care workers fight heroically against one invisible enemy, we must not be blindsided by another shadowy foe.

Given the stakes, hospitals need to confront this risk head-on.

First, recognize the epidemic of ransomware. Ransomware attacks have doubled in just the past three months. And hospitals in particular have become the new soft targets, with more than 80 publicly reported ransomware attacks thus far in 2020.

In addition, hackers are utilizing a new, more vicious form of attack called “double extortion.” Rather than simply encrypting and holding your data hostage, attackers are also threatening to release reams of sensitive data publicly. This double whammy has greatly increased the leverage of attackers and the pressure on hospital management teams. To date, the health care sector has lagged other industries like finance and energy in making greater investments in their cyber resilience. Recognizing and internalizing this new ransomware threat, and its potential potency, is a critical first step.

Second, back up your data. Every organization needs a multilayered system of defense that includes security measures to prevent breaches by connected devices; network segmentation, which allows network administrators to control the flow of traffic across networks; and relentless efforts to find and fix software vulnerabilities. To combat ransomware, however, backups are a critical line of defense—especially for a hospital system that is the guardian of sensitive, personal information. An organization that is able to rapidly restore or recreate its data is far better positioned to fend off demands for ransom. 

The specific form of backup—whether it’s an offline system, or the emerging “immutable” technology that relies on Write Once, Read Many (WORM) formatting, which stores files in a way that can’t be altered—is less important than the fact that a sound system exists. And wherever possible, encrypt your data both in transit and at rest.

Third, pressure test your ransom philosophy. Frustrated by the growing number of organizations that are paying ransoms, the U.S. Treasury issued an advisory opinion last month reinforcing the potential penalties for doing so. Ransom payments are effectively funding hackers’ R&D for more sophisticated forms of attack. Any organization that feels coerced into paying a ransom should, at a minimum, analyze the potential risks of sanctions, especially if Bitcoin payments eventually find their way to a terrorist organization. 

Now is the time for hospital networks to revisit their incident response plans and build stronger relationships with law enforcement, the Cybersecurity and Infrastructure Security Agency at DHS, and information sharing and analysis centers (nonprofit organizations that offer resources on cyber threats). In addition, hospitals need to test their business continuity plans against multiple scenarios arising from a widespread IT outage. 

Cyber threats are no longer confined to the digital realm. Instead, they have dire implications for hospitals and vaccine research labs that are critical to saving lives. As hackers increasingly target our nation’s health care infrastructure, the potential consequences have morphed from the loss of data to the loss of life. 

With forecasts for a bleak COVID winter before us, our hospitals, and their leadership teams, need to step up to protect us all. 

Peter J. Beshar is general counsel of Marsh & McLennan and has testified before Congress on cybersecurity multiple times.

Jane Holl Lute served as deputy secretary of homeland security from 2009 to 2013 and is on the board of the Center for Internet Security.

About the Authors
By Peter J. Beshar
See full bioRight Arrow Button Icon
By Jane Holl Lute
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Commentary

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Commentary

senate
CommentaryCongress
One rare bipartisan AI bill is moving through Congress. Here’s why it deserves to pass
By Neil Björkman and Betsy BrewerJuly 1, 2026
7 hours ago
I know how Gen Z can survive the ‘jobpocalypse’ because I built an AI company — in 2015
CommentaryCareers
I know how Gen Z can survive the ‘jobpocalypse’ because I built an AI company — in 2015
By Jeremy FainJuly 1, 2026
7 hours ago
mr
Commentary250 Years of Innovation
America needs 3.8 million manufacturing workers. This CEO has a blueprint to find them
By Mark RayfieldJuly 1, 2026
7 hours ago
usa
Commentary250 Years of Innovation
America at 250: why the Constitution was built to restrain government, not celebrate majority rule
By Steve H. HankeJuly 1, 2026
7 hours ago
t
CommentaryMedia
Netflix could turn NBC into its biggest bet yet — and this time, the math actually works
By Jeffrey Sonnenfeld and Steven TianJune 30, 2026
1 day ago
wb
CommentaryLeadership
I grew BDO from $600 million to $3.4 billion. Here’s the 3-part formula that made it possible
By Wayne BersonJune 30, 2026
1 day ago

Most Popular

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Success
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
By Sydney LakeJune 25, 2026
6 days ago
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
Success
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
By Preston ForeJune 27, 2026
4 days ago
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
Success
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
By Sydney LakeJune 29, 2026
2 days ago
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
11 hours ago
The U.S. Army is opening military bases to private billions — here's why that changes everything for the next 250 years
Commentary
The U.S. Army is opening military bases to private billions — here's why that changes everything for the next 250 years
By Marc AndersenJune 30, 2026
1 day ago
The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
Newsletters
The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
By Diane BradyJuly 1, 2026
9 hours ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.