2018 has not gotten off to a good start for healthcare industry cybersecurity. Healthcare is still the top targeted industry, and we have seen hospital groups and one of the electronic medical record companies fall to very preventable SamSam ransomware attacks.
SamSam infections are troubling
The recent attacks with SamSam ransomware are particularly concerning because SamSam requires the attacker to be inside the victim’s computer network to manually activate the ransomware. This means that the attacker(s) who held Hancock Health, AllScripts, the Colorado Department of Transportation, and, most recently at the time of writing, the City of Atlanta, Georgia, to ransom had remote access to the computer systems of all those organizations.
Research shows cyberattacks have lethal results
Dr. Sung Choi, a researcher at Vanderbilt University’s Owen Graduate School of Management, has found that 2,100 deaths can be linked to hospital data breaches and lack of cybersecurity protections. The reason is that breaches “trigger remediation activities, regulatory inquiries and litigation in the years following a breach…” and these activities affect the performance of the facility, leading to quality issues.
Consider the large-scale ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles in February 2016, which brought its computer systems down for weeks. When the attack was at its worst, the hospital had to divert ambulances and even transfer patients to nearby medical facilities for treatment. When WannaCry ransomware hit 16 hospitals in May 2017, at least one facility had to cancel 10 scheduled operations due to computer system outages.
So what do healthcare organizations need to do?
The first step is identifying what is on your network. It is surprising how many organizations have no idea how many computers or internet-connected devices are on their networks, much less their protection status. How can you protect your systems and data if you don’t even know where they reside?
The questions “Do you have a firewall?” and “When was it last updated?” seem to catch many organizations off guard, and the all-too-common answer is “I think my IT guy put one in and I’m sure he’s keeping it up to date.” But that’s not good enough. As an office manager or administrator, you need to know that you have all the protections in place, not only to maintain HIPAA compliance but really because you care about your patients’ data and safety.
Contact Axiom today for a short and complimentary cybersecurity risk assessment to go over your cybersecurity strategy. Contact us or call 800-519-5070 to speak with one of our qualified cybersecurity experts.