‘It’s not a good week for healthcare’: Health system IT execs react to recent ransomware attacks

Unofficial by the health system, it has been widely speculated by news sources including CNBC and The Wall Street Journal that ransomware was behind the attack on UHS. On Sept. 10, a ransomware attack on a hospital in Dusseldorf, Germany, encrypted 30 hospital servers and forced it to re-route emergency situation clients, which might have caused at least one client to die before getting treatment.

She also said the health system is concentrated on protecting endpoints in addition to having the right firewall programs in place.

” Today, the majority of every health system is fighting the COVID-19 pandemic in some method. This pandemic has our personnel stressed and tired. These two combinations can impact the attention to information when using innovation tools such as email; processes such as patching equipment; periodic maintenance on scientific equipment etc. This generates threat for any health system,” said Brian Jones, CIO of Billings (Mont.) Clinic. “Locally, our cybersecurity approach is always being examined from the position of threat to the company and patients we serve. Our company believe in a holistic approach from investing in personnel education and have them as our front-line cyber-defenders, working out simulated phishing attacks, ensure our network positionings and division effectively include a layer of defense for our medical products and naturally multi-factor authentication.”

Ms. Hughes stated the recent attacks have actually triggered her and her group to show on their systems and hold internal discussions about the controls and intelligence in location to combat cyberattacks. She stated Northwell has a “defense in depth” method that layers physical, technical and administrative security measures to decrease any attacks.

” It pains me to hear of healthcare organizations getting attacked. Interfering with health care operations can be deadly and dangerous. Without knowing particularly what has actually occurred at UHS, its tough to reason; however, this occasion must be a pointer to all health care organizations that specific items should never go ignored or kept, such as downtime treatments, business connection and catastrophe healing strategies,” he said.

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this material? View our policies by click on this link.

” Theres been a regrettable boost in cyberattacks on healthcare organizations, and I dont expect this pattern changing anytime quickly,” stated Jesus Delgado, vice president and CIO of Community Healthcare System in Munster, Ind. “Therefore, the investment on cyber security innovations needs to continue to be thoroughly thought about and effectively communicated to executive leadership. The cybersecurity program requires to be thoroughly managed. It is important that CIOs and CISOs join forces to develop a program that consists of innovation, an event response strategy, a service partnership, corporate policies and a user awareness program”

Northwell currently had the prevalent message organizationwide that everyone must be looking out for possible cyberattacks and report any suspect activity to the assistance desk. The health system likewise released a message just recently on the systems intranet advising individuals to stay alert versus possible risks and reconfirming their function in keeping the system safe and secure.

More short articles on health IT: Employees describe disorderly scene at UHS hospitals in the middle of IT incidentLas Vegas health system says IT problem forced 6 medical facilities offline: 5 detailsOhio healthcare facility postpones more surgical treatments due to weeklong computer system failure

” In addition, cyber teams ought to remain in a consistent state of monitoring and proactively searching for issues within their network and systems and be quick to respond. System updates and patching are constantly vital and all cybersecurity programs should include a robust and really comprehensive security awareness program as nearly all cyberattacks are initially performed through a single users action.”

The shift to remote work throughout the pandemic has likewise possibly made it simpler for cyberattacks to take place.

” Theres been an unfortunate boost in cyberattacks on health care companies, and I do not expect this pattern changing anytime soon,” stated Jesus Delgado, vice president and CIO of Community Healthcare System in Munster, Ind. “Therefore, the investment on cyber security technologies requires to continue to be thoroughly considered and appropriately communicated to executive management. Cybersecurity has constantly been leading of mind for CIOs and health system IT leaders, but it has actually become important after these current attacks. Numerous compounding aspects have actually made health care companies targets at this time; they are likely to pay the ransom to bring back systems as rapidly as possible and resume patient care.” Today, many every health system is combatting the COVID-19 pandemic in some way. Its ended up being a difficulty now with the expanded remote labor force that weve been living in considering that COVID-19, but we are making sure systems are covered and that they have encryption and malware protection in location.”

Cybersecurity has actually always been leading of mind for CIOs and health system IT leaders, however it has actually ended up being critical after these current attacks. A number of compounding aspects have made healthcare companies targets at this time; they are most likely to pay the ransom to bring back systems as quickly as possible and resume patient care.

” Everyone in the company belongs to the security team in preventing this sort of attack,” she said. “We want to make certain we have excellent backups in case something does promote and occur security awareness so everybody will be watchful and tap into the risk intelligence resources we need to get the current and greatest info and ensure best practices remain in place. We are continuously finding and monitoring and reacting to events that come up for evaluation.”

” Its not a good week for health care,” stated Kathy Hughes, CISO of Northwell Health in New Hyde Park, N.Y. “Healthcare is and has been the No. 1 target for cyber criminal offense and the variety of attacks on health care organizations have actually been increasing greatly over the previous couple of years, mostly because of the worth of information they can acquire from a successful attack, and the truth that cybercriminals know that if they lock up systems and data, that has a substantial influence on operations.”


” The principle of firewall softwares on networks is a thing of the past,” she stated. “We are concentrated on making certain the points of entry, whether phishing attack or user interaction with an email, clicking on the link, opening an accessory, or offering credentials, are fortified. Our individuals are the last line of defense and are our human firewall softwares.”

Mitch Parker, executive director of details security and compliance at Indiana University Health said cyberattacks will continue to grow and sees partnerships as an essential part of defenses.

The biggest breach occurred at King of Prussia, Pa.-based Universal Health Services, a 26-hospital health system with hundreds of scientific places. The health system reported an IT security event that began on the night of Sept. 27 and is ongoing, although on Sept. 30 the health system released a declaration that some IT systems have actually been recovered and are ending up being functional again.

” Its having numerous layers of protection and defense in place that supply the best defense and results from an occasion because you arent depending on one innovation or technique to protect the environment,” she said. “We are revisiting fundamental cyber health organizationwide and making certain our systems are covered. Its become an obstacle now with the expanded remote workforce that weve been residing in considering that COVID-19, however we are making certain systems are covered which they have file encryption and malware security in place.”

On Sept. 20, Nebraska Medicine reported its IT system was forced offline due to a security incident. Las Vegas-based Valley Health System also experienced an IT security occurrence on Sept. 27 that required computers offline, and Ashtabula (Ohio) County Medical Center reported a computer blackout on Sept. 27 that forced it to cancel procedures.

Dave Summitt, CISO at Moffitt Cancer Center in Tampa, Fla., repeated the significance of working with teams to prevent cyberattacks.

Over the previous 2 weeks, numerous cyberattacks on medical facilities and health systems have forced computer system systems offline.

” The technique to IT Security that we require to take is to continue to be alert, focus on the effectiveness of security controls, and continuously re-evaluate and enhance them,” he said. The only method we are going to enhance and lower the efficiency of these attacks is through continual re-evaluation, collaboration, and intelligence-sharing.