For the past several years, healthcare systems and hospitals have been high-profile victims of ransomware and other attacks. Find out what vectors for ransomware the healthcare sector faces.
For the past several years, healthcare systems and hospitals have been high-profile victims of ransomware and other attacks. The main reasons for this are three-fold: first, healthcare and hospitals are critical, and the uninterrupted flow of data through them can mean the difference between life or death. Second, there are high-value data (patient data, payment information, provider data, etc.) in hospital systems. And third, many smaller hospitals or healthcare systems do not have the ability to invest in high-tech cyber defense. Here are a few things that healthcare organizations should know about ransomware – its current trends, targets and tactics.
To remain vigilant against attackers, be aware of typical attack vectors that are used against healthcare institutions.
Memorial Health System was compromised by a cyberattack in August of 2021. The IT department noticed irregularities in the data system causing failures, forcing the hospital to cancel surgeries and exams, and diverting ambulances elsewhere. The hospital system initiated emergency backup systems and modified processes. Memorial Staff turned to pencil and paper charts to offer continuous care for patients. Memorial Health System worked with the FBI and Homeland Security to resolve and fix the security breach.
Scripps Health, another health system that experienced a cyberattack in May 2021, was forced to take a portion of its IT system offline. Like Memorial, this caused a disruption in patient care and required employees to revert to pencil and paper charts. It took several weeks to get the Scripps Health systems back online, and the hospital suffered as a result. The attack cost Scripps $112.7 Million from May to June, mostly in lost revenue. The largest impact of the shutdown was on the appointments and procedures that had to be postponed. To bring operations back to normal, Scripps had to rely on other medical organizations who offered similar services and took on a number of their appointments. Around 150,000 patients were also notified that the hackers acquired some patient data about them. Now Scripps is facing several class action lawsuits from patients who claim that the system’s leaders failed to take the necessary steps to protect their personal medical data from hackers.
There are steps you can take to make sure your business is protected and can run continuously to serve your patients. The best option is to partner with a provider who knows the ins and outs of your business and can translate your cyber strategy into your business strategy. Torchlight can help you:
Contact us to learn what your system’s vulnerabilities might be and what you can do to protect them.