Hospitals tighten email security, restrict external messages to prevent ransomware

Hospitals across the U.S. have tightened email security to prevent ransomware attacks.

In Massachusetts, UMass Memorial Health Care in Worcester has placed inhibitors on external links and is scrubbing external emails and links. The health system’s IT team also is examining any email with attachments and quarantining suspicious emails, confirmed Debora Spano, UMass Medical Center’s media and public relations manager. The news was first reported in Boston Business Journal, which also reported that Signature Healthcare blocked external emails for a few days over the weekend. The block was lifted Nov. 2, but the health system has placed tighter restrictions on the types of emails that get through.

Lorraine McGrath, director of marketing communications at Brockton, Mass.-based Signature Healthcare, said the health system took action after receiving information from national and regional agencies about a potential threat to hospital networks. She said Signature didn’t receive any specific threat, but took the security precautions proactively.

“Our IT department is closely monitoring all the activity coming in and out of our healthcare organization,” she told Becker’s. “While they always did that, they are taking higher precaution in this threat trying to safeguard our organization from any type of potential network threat. We take the safety of our patients and staff very seriously.”

The Business Journal also reported that Holyoke (Mass.) Medical Center shut down emails from Oct. 29 to Oct. 30 to allow its IT security team to comb through emails and sequester suspicious messages. The hospital then began sequestering all emails with attachments to double-check them.

OhioHealth in Columbus confirmed to Becker’s that it has taken measures to temporarily limit external emails and tighten email security after hearing about the larger general threat.

“To our knowledge, OhioHealth has not been compromised by these actions,” Colin Yoder, senior manager of media relations at OhioHealth. “However, we are taking this threat very seriously. We have a robust information security team that is monitoring our computer network and electronic medical record system. We have also engaged a national cybersecurity consultant to assist us in both assessing the potential threat to OhioHealth and help us in taking additional steps to monitor and protect our computer networks.”

In New York, River Hospital in Alexandria Bay shut down email access to prevent ransomware attacks, according to a report from News 7. CIO Jim Flood said he was unsure when the hospital would activate its email again, according to the station.

Ogdensburg, N.Y.-based Claxton-Hepburn Medical Center also temporarily shut down its email to prevent cyberattacks, according to a separate News 7 report.

Director of IT at Williamson Medical Center in Franklin, Tenn., Jeff Goad, said cybersecurity at the hospital has always been a key focus, but the hospital has taken extra steps after hearing from the federal government about the increased threat to hospitals.

“Cybersecurity has been a constant concern and news topic among healthcare organizations for many years, but it is still unsettling to hear of a targeted effort, and more details are being revealed daily,” he said. “We are further tightening controls and intensifying employee education that was already in progress.”

More articles on cybersecurity:
Emotet malware attacks up 1,200% in Q3: 5 things to know
Retailer settles HIPAA violation allegations over improper electronic device disposal: 4 details
Updates on 5 hospital cyberattacks


© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.