FBI Warns Against Cyberattacks, What Healthcare Facilities Can Do to Better Protect Themselves

Nearly 1 million patient records were breached in March.

By Mackenna Moralez


Ransomware attacks are putting a strain on hospitals and other healthcare facilities. In March, nearly 1 million records were breached because of cyberattacks. According to a report released by the U.S. Department of Health and Human Services (HHS), the five largest attacks were: 

1.) South Denver Cardiology Associates: 287,652 individuals affected 

2.) New Jersey Brain and Spine: 92,453 individuals affected 

3.) Duncan Regional Hospital: 86,379 individuals affected 

4.) Labette health: 85,635 individuals affected 

5.) Law Enforcement Health Benefits: 85,282 individuals affected 

There are many reasons why the healthcare sector is among the most targeted for cybercrimes. There is a large number of electronic devices per facility and systems are often outdated. In addition, healthcare staff often are too busy to stay updated on proper cybersecurity training. The more vulnerable a system is, the easier it is to break through. 

“Like any physical infrastructure asset, technology assets similarly require maintenance and upgrades,” says Mark Mochel, strategic account executive, Brightly. “This is particularly true in areas where systems were not typically exposed to outside threats. Take, for example, an infusion pump or any piece of clinical or utility equipment that is utilizing some form of PC-based processing capability to function. Just a few years ago, that equipment might function off the grid, but now, as the Internet of Things surges forward, all of this equipment is exposed to the world. Cyberattacks on clinical equipment and infrastructure are now possible. The only way to combat that is to make sure that all elements of the technology platforms are hardened against these threats.” 

Employee behavior can play a large role in healthcare facilities getting hacked, according to a study by The Endpoint Ecosystem, which found that 26 percent of healthcare employees still write their work passwords in a personal journal, while 24 percent admitted to storing the information on their phones. The survey also found that the sector has a shadow IT problem. More than 35 percent of respondents said security policies restrict the way they work, and 29 percent admit to finding ways to work around security policies.  

Despite these issue, healthcare workers still understand the consequences a security breach can have on an organization. According to the study, 64 percent of staff believe they will get fired for a data breach, while 57 percent believe their executives should be fired for a privacy breach. Still, 28 percent know someone who exposed their employer to a data breach.  

“While patients may not care which software platform is being used, they will want their hospital visit to reflect a seamless maintenance program,” says Brian Crum, strategic solutions consultant, Brightly. “Technology that can help manage routine and emergent maintenance, as well as repair or replace assets in a manner that is ‘invisible’ to the visitors of a facility will become leaders in the market. This technology will be able to identify and manage schedules to perform work with absolute minimal distraction, as well as determine which issues will impact visitors and develop solutions to mitigate this impact.” 

The FBI is encouraging all organizations – including healthcare – to remain vigilant when it comes to their cybersecurity. The agency warns to not pay ransoms that hackers demand because doing so does not guarantee files will be recovered. If anything, it might encourage them to target more vulnerable sectors that are more willing to pay the cost.  

The FBI has recommended the following protocols to help lower the risk of a ransomware attack: 

Have a contingency plan in place. 

  • Keep all operating systems up to date. 
  • Implement a user training program and phishing exercises. 
  • Require strong, unique passwords for all accounts with password logins. 
  • Require multi-factor authentication. 
  • Maintain offline (i.e., physically disconnected) backups of data, and regularly test backup and restoration. 
  • Ensure all backup data is encrypted. 
  • Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud. 

Mackenna Moralez is the assistant editor with Healthcare Facilities Today. 



April 11, 2022


Topic Area: Information Technology , Safety


Recent Posts

17 Million Patient Records Stolen in PIH Health Ransomware Attack

A ransomware attack halted operations across three of PIH’s hospitals.


Holidays are Prime Times for Healthcare Cyberattacks

A study found that 86 percent of organizations that experienced ransomware attacks were targeted on a holiday or weekend.


Hartford Healthcare Forms Partnership to Open Health Equity Clinic

The new clinic will open in January 2025.


UCHealth Reveals Plans for Memorial Hospital North Expansion

Construction on the patient tower is slated for 2026 with a projected opening to patients in 2029.


What Are 'Hospi-tels'?

Hospitals and hotels are partnering to better cater to patients and families.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.