A recent ransomware attack on a major hospital chain has emerged as one of the largest cyber threats in U.S. history, prompting questions about the preventability of such incidents.
Wellington Regional Medical Center in South Florida, along with numerous hospitals affiliated with Universal Health Services (UHS), experienced a significant security breach that cybersecurity experts believe to be a ransomware attack.
On September 27th, UHS, with over 400 network hospitals, fell victim to the ransomware breach, leading to system downtime. The attack forced healthcare professionals, including doctors and nurses, to resort to paper-based processes as their normally encrypted and confidential information became inaccessible. This situation mirrors the security breach at the St. Lucie County Sherriff’s Office in 2019.
Cybercriminals have increasingly targeted hospitals and healthcare institutions during the pandemic, exploiting malware that can compromise patient data. While the recent attack did not compromise patient safety or confidential records, past incidents have resulted in patient deaths. The potential consequences sometimes prompt hospitals to consider paying the ransom.
What is ransomware?
Ransomware, a type of malware used for extortion, involves gaining access to crucial data and locking out users until a ransom is paid. The cost of recovering data can range from hundreds to millions of dollars, usually demanded in Bitcoin. Medical facilities, with their urgent need for access to files, are attractive targets, often leading them to expedite ransom payments. Email remains a common delivery method for ransomware, often disguised as trustworthy files that, once opened, take control of the victim’s computer.
Florida has experienced previous ransomware attacks, with the City of Riviera Beach paying a six-figure ransom in 2019 to recover citywide data. The technology behind cryptocurrency makes tracing funds nearly impossible, leaving law enforcement agencies like the FBI struggling to identify culprits. Additionally, the St. Lucie County Sherriff’s Office faced a security breach in the same year.
Preventing ransomware attacks involves implementing robust cybersecurity measures, such as regular data backups, exercising caution with emails, and maintaining effective cybersecurity monitoring. Businesses, particularly those in the healthcare sector, can enhance protection against cyber threats by partnering with companies like EZETech, a HIPAA-compliant organization offering Healthcare IT services. HIPAA compliance involves meeting specific technical and administrative requirements to secure access to confidential data and maintain the integrity of electronic health records.
To ensure compliance, EZETech conducts deep-level risk analyses to identify and manage potential IT risks associated with healthcare environments. This proactive approach helps safeguard against data deletion, corruption, tampering, or theft, aligning with HIPAA privacy and security rules applicable to on-premises, hosted, or cloud-based data storage.
To read more on EZETech’s HIPAA Compliancy: click here.
To read more on the hospitals targeted in the cyberattack:Â click here.