It took security experts up to Friday to prepare for the coming challenge of determining what the full impact of a cyberattack may be on patients and hospitals at one of the largest health systems in the U.S. Security experts warned that it often takes time to assess the full impact of the attack on patients and hospitals.

Common Spirit Health confirmed earlier this week that they have experienced an information security breach. However, they are yet to respond in detail to questions about the incident. This includes how many of the company's 1,000 care sites serving 20 million Americans were affected by this issue. The health system giant, which is the second-largest nonprofit health system in America, has 140 hospitals in 21 states.

"Several things have to be considered when one is attempting to restore all their systems and finding out the scope of the attack," says Allan Liska, an analyst with the cybersecurity firm Recorded Future. In other words, you are trying to get patient care up and running so that patients can receive care; you are trying to get your doctors and nurses back to using the systems they need to continue their work.

In the healthcare industry, cyber attackers are increasingly considering targeting healthcare organizations - especially those who use malware to lock up a victim's files and manipulate the information to profit from their activities. According to the U.S. government, Ransomware has remained a persistent threat to the industry. This is among the 16 categories of critical infrastructure that the U.S. government identifies as critical.

"The actors behind ransomware will probably know that this will cause a lot of disruption," Liska explained.

As a result, the global healthcare system in 2021 has seen an unusually high number of attacks, with 285 publicly reported cases reported worldwide, according to Liska. Since the beginning of the year, Liska has tracked 155 attacks, an average of 20 attacks per month, suggesting a growing problem. Nevertheless, he estimated that only about 10% of ransomware attacks are publicized, and publicized attacks are highly rare.

Several cyber security experts have said that years of work have promoted a sense of trust among healthcare leaders in the FBI and other federal agencies that target cybercrime.

An FBI spokesperson declined to comment on whether they were investigating the cyberattack on CommonSpirit Health as part of their cybercrime investigation.

According to John Riggi, who serves as the American Hospital Association's national advisor for cybersecurity and risk, he was not qualified to discuss CommonSpirit in particular. Although, in general, he said, it can take days, weeks, or even months to figure out how an attacker gained access to the network, determine what damage has been done, as well as prevent any further damage from occurring.

As Riggi, a former FBI agent who worked for nearly 30 years in the field of cyber security, emphasized that a significant cyberattack on a hospital could pose a serious threat to patient safety and that it was taken seriously by the U.S. government. A major goal of their organization is to identify the attacker and disclose their identity and methodology.

"They don't want to show their hands, and they do not want to divulge what they know about the bad guys," the officer said. During the processing of a crime scene, you are working on the scene in real-time."

However, there is a risk that cyberattack victims who fail to communicate their response plan to attackers and their recovery strategies are at increased risk of being targeted by cybercriminals. This is predicted by Mike Hamilton, the chief information security officer at Critical Insights Cybersecurity in Washington state.