If current news headlines are any indication, healthcare organizations have come under siege by cyberattacks. Since the recent spate of attacks has mostly affected relatively smaller organizations, the news can fly below the national radar. This article highlights some of the recent healthcare breaches and what lessons can be learned from them with regards to healthcare cybersecurity. Before getting started, however, healthcare breach addicts may want to bookmark the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) breach notification webpage (https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf).
Atrium Healthcare: Breached Data Records of 2.65 Million Patients
Atrium Healthcare, previously named Carolinas HealthCare System, provides healthcare and wellness programs throughout the Southeast region of the US. It reported in November that data of about 2.65 million patients—including addresses, dates of birth, and social security numbers—may have been compromised in a breach at third-party provider AccuDoc Solutions. Atrium reported that a review revealed an unauthorized access to AccuDoc’s databases in late September 2018. The investigations indicate that data was accessed but not downloaded in the incident.
- What to consider: Even when your data is secure, it can be at risk in the hands of third parties. That’s why vendor risk management and associate agreements are important. Remember: an ounce of detection/response prevention can avoid a pound of investigative cure.
Ohio Hospitals: Ransomware Attacks
The East Ohio Regional Hospital and Ohio Valley Medical Center were both hit by a serious ransomware attack in November that forced them to turn away ambulances. The two hospitals, owned by Ohio Valley Health Services & Education Corp., say patient records remained secure after taking computer systems offline and reverting to paper charting to overcome the ransomware attack.
- What to consider: Running incident response exercises can help minimize the impact of IT incidents and speed recovery.
Georgia Spine and Orthopaedics of Atlanta (GSOA): Phishing Attack Leads to Breach Notification for 7,000 Patients
Georgia Spine and Orthopaedics of Atlanta (GSOA) notified approximately 7,000 patients that some of their protected health information has been exposed and potentially stolen. The compromise originated when an employee was lured into responding to a phishing email. GSOA notified patients with exposed information and informed HHS OCR per HIPAA.
- What to consider: No matter how many prevention-focused products you have, bad stuff inevitably slips through your security perimeter. However, using a managed detection and response (MDR) service can close the window of vulnerability by flagging events where credentials get compromised so you can get them reset.
Texas Altus Baytown Hospital: More Ransomware
In November, Altus Baytown Hospital (ABH) reported that it discovered a ransomware outbreak that may have led to a leak of patient data. While ABH’s electronic medical record system was not affected, some of the encrypted files contained patients’ protected health information, including names, home addresses, contact telephone numbers, birth dates, Social Security numbers, credit card information, driver’s license numbers, and medical information. The attacker gained access to the hospital’s servers before deploying a Dharma ransomware variant. The attack’s sole aim was to extort money from the hospital and ABH believes no data access or theft of patient information occurred.
- What to consider: Defense in depth is goodness. If an attacker delivers ransomware or malicious software to a victim’s endpoint, alerts and event log data from antivirus products or endpoint protection platform (EPP) solutions can help with early detection. But things slip through. Creating a security operations center (SOC) or leveraging a SOC-as-a-service to synthesize endpoint logs with other log data (Active Directory, firewalls, intrusion detection systems) and applying AI to the data can quickly identify meaningful threats and speed remediation.
Healthcare organizations experience more than their fair share of attacks and must continually defend against bad actors with different motives. Arctic Wolf sees significant interest in healthcare organizations for 24/7 security monitoring as a healthcare cybersecurity best practice, as well as a means to fulfill HIPAA compliance obligations. Check out this solution brief to understand the many ways SOC-as-a-service can help improve your security and help you comply with HIPAA.
About the AuthorYou might also be interested in...