FBI Warns Against Cyberattacks, What Healthcare Facilities Can Do to Better Protect Themselves

Nearly 1 million patient records were breached in March.

By Mackenna Moralez


Ransomware attacks are putting a strain on hospitals and other healthcare facilities. In March, nearly 1 million records were breached because of cyberattacks. According to a report released by the U.S. Department of Health and Human Services (HHS), the five largest attacks were: 

1.) South Denver Cardiology Associates: 287,652 individuals affected 

2.) New Jersey Brain and Spine: 92,453 individuals affected 

3.) Duncan Regional Hospital: 86,379 individuals affected 

4.) Labette Health: 85,635 individuals affected 

5.) Law Enforcement Health Benefits: 85,282 individuals affected 

There are many reasons why the healthcare sector is among the most targeted for cybercrimes. There is a large number of electronic devices per facility and systems are often outdated. In addition, healthcare staff often are too busy to stay updated on proper cybersecurity training. The more vulnerable a system is, the easier it is to break through. 

“Like any physical infrastructure asset, technology assets similarly require maintenance and upgrades,” says Mark Mochel, strategic account executive, Brightly. “This is particularly true in areas where systems were not typically exposed to outside threats. Take, for example, an infusion pump or any piece of clinical or utility equipment that is utilizing some form of PC-based processing capability to function. Just a few years ago, that equipment might function off the grid, but now, as the Internet of Things surges forward, all of this equipment is exposed to the world. Cyberattacks on clinical equipment and infrastructure are now possible. The only way to combat that is to make sure that all elements of the technology platforms are hardened against these threats.” 

Employee behavior can play a large role in healthcare facilities getting hacked, according to a study by The Endpoint Ecosystem, which found that 26 percent of healthcare employees still write their work passwords in a personal journal, while 24 percent admitted to storing the information on their phones. The survey also found that the sector has a shadow IT problem. More than 35 percent of respondents said security policies restrict the way they work, and 29 percent admit to finding ways to work around security policies.  

Despite these issues, healthcare workers still understand the consequences a security breach can have on an organization. According to the study, 64 percent of staff believe they will get fired for a data breach, while 57 percent believe their executives should be fired for a privacy breach. Still, 28 percent know someone who exposed their employer to a data breach.  

“While patients may not care which software platform is being used, they will want their hospital visit to reflect a seamless maintenance program,” says Brian Crum, strategic solutions consultant, Brightly. “Technology that can help manage routine and emergent maintenance, as well as repair or replace assets in a manner that is ‘invisible’ to the visitors of a facility will become leaders in the market. This technology will be able to identify and manage schedules to perform work with absolute minimal distraction, as well as determine which issues will impact visitors and develop solutions to mitigate this impact.” 

The FBI is encouraging all organizations, including healthcare, to remain vigilant when it comes to their cybersecurity. The agency warns organizations not to pay the ransoms that hackers demand, because doing so does not guarantee files will be recovered. If anything, paying might encourage attackers to target more vulnerable sectors that are more willing to pay the cost.  

The FBI has recommended the following protocols to help lower the risk of a ransomware attack: 

  • Have a contingency plan in place. 
  • Keep all operating systems up to date. 
  • Implement a user training program and phishing exercises. 
  • Require strong, unique passwords for all accounts with password logins. 
  • Require multi-factor authentication. 
  • Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration. 
  • Ensure all backup data is encrypted. 
  • Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud. 

Mackenna Moralez is the assistant editor with Healthcare Facilities Today. 



April 11, 2022


Topic Area: Information Technology , Safety

