How Can Hospitals Prevent Ransomware Attacks?

More than 200 healthcare facilities have fallen victim to ransomware attacks in the last three years

By Mackenna Moralez, Assistant Editor


Cybercrimes are on the rise, and no industry is safe – especially healthcare.

Last month, two Indiana hospitals fell victim to ransomware attacks, forcing them to resort to manual methods as their online systems were compromised. These attacks are not uncommon. Hospitals and other healthcare facilities are among favorites for cyber criminals, as more than 200 locations have been targeted in the last three years, and that number is only expected to increase exponentially in the coming years, according to The Wall Street Journal.

“Healthcare facilities are a high valued target in that they offer threat actors the potential of capturing patient information to resell on the dark web,” says Fred Gordy, director of cybersecurity with Intelligent Buildings. “There is also a new threat in the form of ‘Killware.’ According to Gartner, ‘Killware’ is designed to actually harm, or worse, kill humans, In the thousands of assessments, we have performed, we find building control systems to be attached to the web insecurely and easily accessible. These systems control everything from operatory suites, oxygen systems, blood storage, and patient rooms making them an easy target for Killware.”

Sure, there are still scams that are easy to identify, such as, “Click here to receive your $500 gift card,” but many are started to look like they are coming from a manufacturer, service provider or coworker. Because of this, many companies have begun implementing a double-verification system in order to limit the number of malware outbreaks.

“In 2020, there was a 600 percent increase of operational technology ransomware attacks across all business sectors including healthcare,” Gordy says. “Historically, the building system front end has been used as an engineer’s workstation. When a rogue link is clicked, it seizes the front end, and communication to the system is lost. Typically, the system is not being backed up, or if it is, the backups are out of date, making recovery difficult at best. By moving the front-end/application host into either a data center or moving it off the engineer’s desk into a locked closet so that it is no longer used as a workstation, almost 100 percent of the events we have seen could have been avoided.”

Patient information should never be connected to networks that store and transmit information, Gordy says. The International Society of Automation (ISA) standard, Zones and Conduit, should be used on any building control/operational technology network. When hospitals and other healthcare facilities do not use the standard or have a cybersecurity plan in place, the risks can include disruption of service, compromise of the patient network by network traversal, and potentially harm and loss of life.

Mackenna Moralez is the assistant editor of Healthcare Facilities Today.



November 12, 2021


Topic Area: Information Technology


Recent Posts

Partnering on Personnel: Strategies for Success

Environmental services in healthcare have special staffing circumstances. They must meet stringent compliance standards and maintain accreditations.


Kaiser Permanente Opens First Two Medical Offices in Northern Nevada

These are part of its joint venture with Renown Health.


Acadia Healthcare Reports Data Breach

This incident did not disrupt Acadia’s operations or its ability to care for patients.


Site Selection Mistakes: What Not To Do

Healthcare providers that treat site selection as a strategic decision, not a simple real estate deal, will be positioned for long-term success.


High-Performance EFCO Systems Shape MUSC's New Black River Medical Center

Case study: A sweeping curved-glass entrance, impact-resistant envelope and energy-efficient fenestration support a sustainable, resilient design for one of South Carolina’s newest rural hospitals.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.