Hospitals take action to avoid ransomware attacks, including pre-emptive email shut down

Hospitals across the U.S. are taking pre-emptive steps to avoid cyberattacks after the FBI issued a warning of increased hacking activity on Oct. 28.

St. Lawrence Health System in upstate New York and Klamath Falls, Ore.-based Sky Lakes Medical Center reported ransomware attacks on Oct. 27. The federal government said six hospitals were hit within a 24-hour timeframe between Oct. 26 and Oct. 27, but did not reveal the names of the hospitals.

“My initial thought was that ransomware players are getting much craftier and that the [Internet of Things] ransomware threat in healthcare is more serious than we think,” Zafar Chaudry, MD, CIO of Seattle Children’s, told Becker’s. “We at Seattle Children’s cannot take our eyes off the ever-evolving cybersecurity threats out there. Investments in preventative tools, education and awareness must continue and many cases accelerate. It’s too easy to get distracted in healthcare with the swirl of challenges we face day in, day out.”

Hospitals and health systems across the U.S. are on heightened alert and some are taking new action. Ogdensburg, N.Y.-based Claxton-Hepburn Medical Center shut down its email to prevent cyberattacks, according to a local 7 News report. The hospital remains operational and has not reduced patient services. Online patient portals and the hospital’s website are still operating, according to the report.

Morrisville, Vt.-based Copley Hospital is also on high alert this week after neighboring UVM Medical Center in Burlington experienced a cybersecurity incident that required shutting down its online systems on Oct. 29. According to the VT Digger, Copley is automatically backing up patient information every night and has back-up information not connected to its online systems.

UnityPoint Health in West Des Moines, Iowa, is heeding the warning as well. “We have made significant investments in measures to detect, stop and prevent cybersecurity threats, and our systems are backed up on a regular basis,” said Christine Zrostlik, senior media relations specialist at UnityPoint Health, in response to Becker’s inquiry about any changes due to the FBI warning. “Our team members receive extensive training and we continually evaluate and modify our practices to enhance the security and privacy of our information.”

Dr. Chaudry said Seattle Children’s has preventative tools, education and awareness as well as constant monitoring for cyberthreats. “We’ve gone cloud native with our tools, added in artificial intelligence capability to harness the power of data, and moved to single agent protection on all hardware,” he said.

In Dayton, Ohio, System Vice President and CIO of Premier Health Gary Ginter was surprised about the heightened awareness the ransomware attacks on hospitals received because they have become a common occurrence. However, he said the health system hasn’t changed its approach to cybersecurity and continues to focus on the goal of making sure protections are in place and employees are educated about mitigating threats.

“The exposure of these events did allow us an opportunity to reinforce education to our employees on their role in helping prevent these types of attacks,” he said.

More articles on cybersecurity:
Connecticut city pays $202K HIPAA fine for failing to terminate former health department employee’s PHI access
Ohio hospital accidentally posted protected health info online: 4 details
Nearly 700,000 health records breached in October


© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.