The Frequency of Attacks on Healthcare Facilities is Rising

FBI WARNING:
Ransomware Attacks on Healthcare Facilities See Historic Rise. 

In the past several months, four healthcare institutions have fallen victim to ransomware attacks; three successful phishing breaches were reported in New York’s St. Lawrence Health System and yet another at the Sky Lakes Medical Center in Oregon. Just months before this, Universal Health Services suffered a breach of one of its facilities in the early hours of the morning. Even before investigations could reveal evidence of compromised records, UHS was forced to make an unsettling public statement acknowledging the attack’s success in penetrating its defenses.

These attacks are part of an ongoing plague of ransomware campaigns the U.S. has suffered over the last several months, as stated in a national warning issued by the FBI and the U.S. Cybersecurity & Infrastructure Security Agency. In the statement, they warn that cybercriminal enterprises have “continued to develop new functionality and tools, increasing the ease, speed, and profitability of phishing campaigns.”

These breaches are not only costly in HIPAA fines and devastating to the victim’s reputation; in extreme cases, successful ransomware attacks can even lead to death by paralyzing doctors’ ability to treat or accept patients.

The FBI believes their warning can do a great deal to mobilize healthcare facilities against this imminent threat, but ultimately, warnings are useless if national healthcare leadership doesn’t act quickly to raise their employees’ awareness of this new hazard.
 

The Smaller the Facility, the Bigger the Threat 

Because of their size and location, smaller institutions and those in rural locations often believe they are less of a target for cyberattacks of this nature. This is, however, exactly what makes them the perfect target for cybercriminal enterprises. Attackers know that defenses are weaker in smaller facilities, which have fewer employees or rely on third-party security, leaving broader gaps between security and compliance efforts.

Immediate Action Could Save You Millions 

Effective security starts with a state of constant vigilance and accountability. Here are just a few simple questions each healthcare institution should be asking itself in the wake of this threat:

  • Who in your organization is personally responsible for handling the consequences of a breach? 
  • In the event of an investigation by the OCR, who is responsible for providing comprehensive documentation of your institution’s evidence of effort? 
  • Who in your organization is responsible for the coordination of vendor compliance, cybersecurity training, and documentation of threat response measures?
     

By taking a fresh look at your organization’s prevention measures, you can begin to see where the gaps in your accountability lie. 
