How Can Hospitals Prevent Ransomware Attacks?

More than 200 healthcare facilities have fallen victim to ransomware attacks in the last three years

By Mackenna Moralez, Assistant Editor


Cybercrimes are on the rise, and no industry is safe – especially healthcare.

Last month, two Indiana hospitals fell victim to ransomware attacks, forcing them to resort to manual methods as their online systems were compromised. These attacks are not uncommon. Hospitals and other healthcare facilities are among favorites for cyber criminals, as more than 200 locations have been targeted in the last three years, and that number is only expected to increase exponentially in the coming years, according to The Wall Street Journal.

“Healthcare facilities are a high valued target in that they offer threat actors the potential of capturing patient information to resell on the dark web,” says Fred Gordy, director of cybersecurity with Intelligent Buildings. “There is also a new threat in the form of ‘Killware.’ According to Gartner, ‘Killware’ is designed to actually harm, or worse, kill humans, In the thousands of assessments, we have performed, we find building control systems to be attached to the web insecurely and easily accessible. These systems control everything from operatory suites, oxygen systems, blood storage, and patient rooms making them an easy target for Killware.”

Sure, there are still scams that are easy to identify, such as, “Click here to receive your $500 gift card,” but many are started to look like they are coming from a manufacturer, service provider or coworker. Because of this, many companies have begun implementing a double-verification system in order to limit the number of malware outbreaks.

“In 2020, there was a 600 percent increase of operational technology ransomware attacks across all business sectors including healthcare,” Gordy says. “Historically, the building system front end has been used as an engineer’s workstation. When a rogue link is clicked, it seizes the front end, and communication to the system is lost. Typically, the system is not being backed up, or if it is, the backups are out of date, making recovery difficult at best. By moving the front-end/application host into either a data center or moving it off the engineer’s desk into a locked closet so that it is no longer used as a workstation, almost 100 percent of the events we have seen could have been avoided.”

Patient information should never be connected to networks that store and transmit information, Gordy says. The International Society of Automation (ISA) standard, Zones and Conduit, should be used on any building control/operational technology network. When hospitals and other healthcare facilities do not use the standard or have a cybersecurity plan in place, the risks can include disruption of service, compromise of the patient network by network traversal, and potentially harm and loss of life.

Mackenna Moralez is the assistant editor of Healthcare Facilities Today.



November 12, 2021


Topic Area: Information Technology


Recent Posts

Making Healthcare Lighting More Energy Efficient and Sustainable

Lighting manufacturers discuss the latest developments to make lighting more eco-friendly.


UMC Health System Grapples with IT Outage from Ransomware Attack

The organization’s facilities remained operational despite the IT outage.


Boston Medical Center Welcomes Two New Facilities into Health System

Good Samaritan Medical Center and St. Elizabeth’s Medical Center are officially part of the health system.


Inspira Health Breaks Ground on Mullica Hill Expansion

The new 150,000-square-foot, five-story wing is expected to be open in the first quarter of 2027.


Cleanology: The Need for a Study of Cleaning

There are no accepted risk-based standards to verify whether a hospital is truly clean and safe.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.