Whether they have worked in the healthcare industry or not, most understand the sensitivity and importance of the patient information that is stored by healthcare groups and systems. Healthcare providers have a responsibility to protect patient information by ensuring their cybersecurity infrastructure meets requirements dictated by compliance policies such as HIPAA, yet cyber attackers continue to try, and sometimes succeed, in accessing this sensitive data.
Ascension Healthcare System, a nonprofit and catholic healthcare system with 140 hospitals across the US, experienced an unfortunate cyber-attack that disrupted their clinical operations. As of the time of this post, Ascension is in the process of determining the extent of the breach, working to restore full services, as well as the extent of information that may have been compromised.
This comes on the heels of the cyber-attack against United Healthcare a couple months ago. United Healthcare notified their patients that they were the victims of a malware attack from well-known "cyber-gang" ALPHV, also known as BlackCat, that granted the attackers access to patients' confidential and highly sensitive information. With no other option, United Healthcare was forced to pay the ransom in order to get control of their systems, costing the healthcare group $872 million.
Though healthcare is an industry with strict compliance guidelines and regulations, they are a huge target for cyberattacks for their storage of sensitive information which can be leveraged for large sums of money. With US healthcare now in the crosshairs, governmental bodies are looking to advanced solutions to prevent future attacks from occurring.
These recent events are setting an unwanted trend of cyber-attacks against the US medical industry, with ramifications that can be felt throughout the country, begging the question of the reliability and implementation of current security rules and regulations that must be upheld by all healthcare providers.
Although these recent concerns are being seriously discussed, it will still be a while before we see any actual change, leaving us to learn from these attacks and be aware moving forward. Though the investigation into Ascencion has yet to announce the type of cyberattack as well as who sent the attack, we do know that United Healthcare was the victim of a ransomware attack.
As a quick refresher, a ransomware attack occurs when an attacker is able to invade a system with malware, locking users out of the system and not allowing re-entry until a ransom amount is paid. They usually use tactics such as phishing or social engineering. Most recently, advances in AI have added deep fakes as a possible mode of attack.
First and foremost, keeping up to date on the latest cyber-attack tactics and cybersecurity measures is key. Knowledge is power and the more you know, the better chance you'll see the signs of an issue before it gets out of control. The best thing for anyone in a decision making position at a company would be to designate the responsibilities to those who are knowledgeable and trusted enough to ensure the safety and security of your system and data.
Once you have the knowledge and ability to better secure your business, it's all about the follow through. Implementing safeguards such as firewalls, utilizing known secure cloud services, and using multi-factor authentication act as barriers against possible attacks. Then the training of your users on recognizing the signs of a possible phishing attempts and how to avoid ransomware attacks can make all the difference in securing your business.
Having question or concerns? We would love to have a conversation to determine where your security needs may lie and how we could help with those measure moving forward. Our consultation is completely free with no obligation, we simply want the opportunity to present something unique we fee could improve your business today