How patient safety is hampered by rampant ransomware attacks
Before you finish this article, 15 ransomware attacks will occur. It’s almost a every 11 seconds! Our country’s health system is the main target. These attacks are devastating and many hospitals experience attacks or attempted attacks from emerging ransomware. For example:
- Southern Nevada University Medical Center suffered a ransomware attack in the summer of 2021 that affected 1.3 million individual data, including PHI. Analysts have named REvil, a ransomware group linked to Russia, as the culprit.
- In August, Ohio Memorial Health System suffered a Hive ransomware attack after an unauthorized third party gained access to Memorial’s network four months earlier undetected. With Hive ransomware, actors steal data and encrypt files on the victim’s network. Cyber ââcriminals leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase decryption software. The attack on Memorial Health is estimated to have affected the personal data of 200,000 patients.
- In September, the Health Sector Cybersecurity Coordination Center (HC3) published a BlackMatter ransomware threat summary, a Russian hacking group believed to be a reconstructed version of DarkSide. They recently attacked NEW Cooperative Inc. with a payment request of $ 5.9 million after NEW Cooperative took its systems offline. However, BlackMatter has claimed it will not target hospitals, while HC3 officials say the details are what BlackMatter claims to be and may not be accurate.
The threat of ransomware to patient safety
When a hospital falls victim to a ransomware attack, the lives of patients are in danger. In 2019, a ransomware attack made critical systems and information unavailable during the delivery of an infant, causing significant complications that led to the infant’s death nine months later. The mother recently filed a complaint, stating that she would have visited another hospital had she known about the ransomware attack and its impact.
Criminal syndicates around the world are seeking their fortunes in hospitals and health centers after crippling their operations with ransomware. According to a study by the Ponemon Institute in September 2021, the sad reality is that patients suffer from:
- The length of stay increases,
- Delays in procedures and laboratory tests lead to unfavorable results,
- Diversions to other facilities delay treatment, and
- Patient mortality is on the rise.
Healthcare providers have been ravaged by attacks, but so have critical providers who support healthcare. For example, Nuance, a provider of transcription services for the healthcare industry, has suffered a devastating crisis No attack Petya which caused a staggering four-month outage and loss of revenue estimated at $ 92 million.
Andy Greenberg discusses NotPeyta’s attacks in more detail in his book, Sandworm: a new era of cyber warfare and the hunt for the Kremlin’s most dangerous hackers. He describes how, during the outage, a member of the IT staff at a hospital noticed that two children’s diagnostic reports were missing just before surgery. With only a few hours to spare, IT staff located the hospital’s raw archives, listened to 40 audio files, found the correct one, sent it in for transcription with only a few hours to spare. The following week, the same computer scientist found two more cases, each with only a day or two to lose before major treatment. In one case, a doctor had to manually retype a child’s dictation after re-examining the ultrasound of a child’s heart.
A New England Journal of Medicine study says even a delay of less than five minutes in an ambulance causes patients to die four percent more often in hospitals over the next 30 days. In many cases, time matters. Mortality is affected. Likewise, it is common for hospitals to divert patients to a facility more than five minutes away when they arrive by ambulance during a ransomware attack, which can be fatal.
Health is a prime target for ransomware attacks
The US healthcare system is particularly vulnerable to ransomware attacks due to several factors:
1. Obsolete and vulnerable IT infrastructure and operating systems
Reported forecast, â53% of common medical devices still run on traditional and legacy platforms, posing a risk to patient safety. Â»Obsolete operating systems that are no longer maintained, such as Microsoft 7 and Windows 2008 server, are very commonly used in healthcare.
2. The spread of data and the lack of accurate and up-to-date maps and data inventories.
Consumerization of healthcare continues to accelerate in the post-pandemic world, increasing demands for data liquidity, or the need for healthcare data flow and access. Key drivers include virtual care, accelerating interoperability standards, the realities of the digital gateway, and the rise of retail healthcare providers.
Additionally, the unpredictable data flow in the cloud adds new challenges, such as automated scalability. This quickly leaves the privacy officer with limited information about the data lifecycle, including who can access it and where it is transmitted.
3. The perception that healthcare pays the ransom faster than other industries
Cyber ââcriminals realize how quickly the healthcare industry needs to recover from a cyber attack and try to use this to their advantage to generate ransom payments. They want their payments to be fast, widening the target on the back of health care. In addition to being vulnerable, the health sector is motivated to recover from an attack as quickly as possible. But due to dilapidated computer systems, many healthcare facilities cannot recover properly at all. Thus, bad actors attack healthcare believing that they will receive ransom payments faster than they would with other industries.
4. Lack of in-depth cybersecurity training and awareness
Traditionally, health care did not focus on cybersecurity in general, but rather focused on HIPAA compliance to ensure staff meet federal patient privacy requirements. This is a ‘tick the box’ approach that leaves a void in the organization’s cybersecurity awareness. Bad actors will continue to capitalize on phishing email patterns if employees are not trained on how to identify fraudulent emails.
The lack of cybersecurity skills combined with the abundance of attempted ransomware attacks is a recipe for disaster. A a recent study reported, â37% of healthcare IT decision makers say their organization is exposed to security threats due to skills gaps. He also reported that almost 40% have a lack of data protection skills and that more than half of them (21%) do not follow proper data protection procedures.
There is a lot of talk about how ransomware costs healthcare billions of dollars and not enough talk about its impact on patient safety. To protect the patient, it is necessary to prepare your organization to react when an attack occurs rather than if an attack does occur. Start by isolating your backups from your networks and make sure you have an environment in which to restore your systems. And always practice good IT operational hygiene, including necessary system upgrades and patches. Finally, at all levels of the organization, fill the cybersecurity skills gap so that healthcare can be better equipped to protect their data and patients from a ransomware attack.
Photo: JuSun, Getty Images