A hospital in the U.S. revealed that it has endured a ransomware attack. This digital assault happens to be the most recent in a series of incidents targeting the healthcare industry over the past few years. Even though ransomware usage has seemingly declined in many other industries, the continuous assaults emphasize the essential necessity for organizations in the healthcare business to enhance their digital security and also implement strategies to defend against these importunate threats.
The hospital proclaimed that it first realized it had suffered a malware attack on July 9th, and that the attack affected its access to its own electronic health record or EHR, as well as its internal communications systems.
After the hospital found out about the malware, it immediately activated its response protocol, and the company’s own IT workers collaborated with forensic experts and law enforcement in the investigation into the attack. Additionally, the hospital’s security team did an evaluation of its digital defense capabilities and chose to redirect ambulance patients who had endured stroke or trauma to other healthcare institutions.
Even though the investigation didn’t turn up any evidence that any patient data had been compromised, they still decided to shut the system down temporarily, just as a precaution.
Hospitals are still major targets of ransomware attacks because they tend to not invest very much funding into their IT security. Also, they’re more likely to pay ransoms to regain access to their data because of its level of criticality.
Boston’s Beth Israel Deaconess Medical Center chief information officer, John Halamka asserted that some of the hospitals’ systems are not up-to-date, making them more susceptible to vulnerability-based attacks.
“Each time a patch is introduced, the act of changing a mission-critical system impacts reliability and functionality. Some mission-critical systems were created years ago and never migrated to modern platforms,” Halamka noted.
Hospitals can protect their data by doubling down on their patch management and ensuring that all of their endpoints, networks, databases, medical devices, and applications are all up-to-date. Also, implementation of network segmentation can limit the lateral movement of an attacker. Regularly backing up data will ensure that the hospital’s operations can be quickly resumed if a breach does happen to take place.
Personally, that makes me nervous about going to the hospital. How about you?
Let us know your thoughts in the comments section.