Nationwide Ransomware Scare
Recent ransomware attack on a major hospital chain is one of the largest cyberattacks in U.S. history. Could this have been prevented?
Wellington Regional Medical Center in South Florida, along with hundreds of other hospitals affiliated with Universal Health Services suffered a massive security breach, experts indicating it sounds like a ransomware attack.
On September 27th, Universal Health Care Services (UHS) fell victim to a ransomware security breach. UHS has over 400 network hospitals, with a large majority of them based here in the US. Systems were down on Monday, forcing doctors, nurses, and other hospital employees to rely on paper. These hospital employees still needed to complete their tasks and tend to their patients, but now their normally encrypted and confidential information had to be relayed on paper. The St. Lucie County Sherriff’s Office security breach last year in 2019 was a very similar situation.
Criminals have been targeting hospitals and healthcare institutions during the pandemic since certain codes of malware can scramble patient data. Even though no patient’s safety nor confidential records were compromised in this most recent attack, patients have died as a result of past unrelated security breaches. Given this information, hospitals are sometimes inclined to pay the ransom.
What is Ransomware
Ransomware is a type of malware used for extortion by gaining access to important data and locking out users of infected networks until the ransom is paid. The cost to recover this data can be from a few hundred dollars to thousands and sometimes even millions, which is to be paid to the cybercriminal in Bitcoin.
Medical facilities are a big target for cybercriminals to focus on for these types of attacks. Hospitals need immediate access to their files and therefore are more likely to pay off a ransom quickly. The most common delivery for ransomware is through email. It will seem like a file that you should trust but once opened, it can take control of the victim’s computer.
Previous Ransomware Attacks in Florida
In 2019, the City of Riviera Beach paid a six-figure ransom to recover data for the entire city. Riviera Beach was one of many cities to be targeted. The technology behind cryptocurrency is able to make millions of dollars untraceable after being sent to hackers, leaving the FBI no closer to finding the culprit. As previously mentioned, the St. Lucie County Sherriff’s Office also suffered a security breach in 2019.
How to Prevent Ransomware
Cybersecurity attacks including ransomware and phishing scams are extremely common and can almost always be prevented. They can be prevented with proper data backups and due diligence not to open unfamiliar emails and spam. It is also important to have proper cybersecurity monitoring. With all of these in place, businesses can rest assured that all their data stored is protected.
EZETech is a HIPAA compliant company that provides Healthcare IT services. To read more on EZETech’s HIPAA Compliancy: click here. HIPAA imposes specific technical and administrative requirements for healthcare IT planners, InfoSec organizations, and compliance officers. Healthcare IT organizations are required to put strong security systems and practices in place to protect access to confidential data and to safeguard the integrity of electronic health records throughout their lifecycle. IT organizations must ensure EHRs are not deleted, corrupted, tampered with, or stolen. HIPAA privacy and security rules apply to data maintained on-premises, in a hosted facility, or in the cloud.
The first step to compliance is understanding what your risks are where they are. EZETech will perform a deep-level risk analysis of your environment and endpoints. IT risk management aims to manage the risks that come with the ownership, involvement, operation, influence, adoption, and use of IT as part of a larger enterprise.