A cyber attack launched against the Hollywood Presbyterian Medical Center has left staff to declare an “internal emergency.”
The hospital is said to have fallen victim to a ransomware attack, where hackers infect a PC through phishing campaigns or malicious downloads, installing itself into a victim's system and encrypting system files. In order or decrypt these sensitive files, they must pay a ransom fee. In this case, a $3.6 million ransom fee is being demanded by hackers. It is currently still unknown if any patient or employee information has been compromised in this attack.
The Hollywood hospital has been unable to conduct its usual day to day operations as employees are unable to access important patient files. Hospital president & CEO, Allen Stefanek, claims the emergency section of the hospital has been “sporadically impacted” and patient details including X-rays, CT Scans, and lab work cannot be accessed, making this situation very dangerous for patients.
Consequently, a large number of patients have been unable to receive treatment and some have even been transported to different hospitals.
The hospital’s medical staff have been having to rely solely on fax machines and telephones, leaving them inefficient and unable to safely help patients.
Attackers targeting the healthcare industry has been a common trend over the past few years, with over 91 million records being compromised in the largest healthcare breaches to date: Premera & Anthem BlueCross BlueShield.
According to Bitglass’ 2016 Healthcare Data Breach Report, 98% of records leaked last year were due in part to these large-scale breaches targeting the healthcare industry. These findings come from the U.S. Department of Health’s online database that requires breach disclosures by organizations as a part of the Health Insurance Portability and Accountability Act (HIPAA).
Protected Health Information (PHI) includes very sensitive information like social security numbers, medical records, and dates of birth, which according to the Ponemon Institute are sold on average for $363 on the black-market.
Unlike credit card breaches where those affected can simply terminate all fraudulent transactions and are protected by law, victims of PHI data breaches have little to no resources and are generally not promptly informed of their data being compromised.
Each time access is provided to healthcare data, the potential for loss of privacy & integrity increases. With that being said, healthcare organizations need to embrace state-of-the-art data security solutions and meet security & compliance requirements so avoid being the next victim of a large-scale attack.
The healthcare industry needs to step up to the plate and implement best in class breach prevention and detection solutions to ward off cyber-criminals and protect the medical credentials of its consumers. Having solutions in an organization's IT environment that can detect the presence of malware and ensure hardening measures and user access controls are being enforced will help better protect the sensitive data that make up the healthcare sector.
Any drift from configuration or breach activity needs to be alerted in real time, and with solutions with Breach Detection and File Integrity Monitoring, your organization will be able to monitor any activity within sensitive files and alert you if and why a breach occurs.
Read this article on ZDNet