Healthcare News & Insights

Security threat: Hackers hold hospital data hostage

Hospitals need to be vigilant with their cybersecurity so they can protect themselves against outside attacks from hackers. And it could cost them more than just fines for data breaches – some attackers are holding hospitals’ electronic health records (EHR) systems hostage. 

man-working-on-computerThe newest security threat is called ransomware. Here, hackers use computer viruses and other malicious software (or malware) to take over a computer or server, and they hold the organization’s data for ransom. The malware encrypts files to make it impossible for the victim to access them.

Past ransomware attacks were small in nature, as discussed in an article from The Atlantic. Most attackers asked victims for a few hundred dollars in exchange for restoring access to their sensitive data.

However, hackers have upped the ante recently – and they’re coming after hospitals.

Cybersecurity nightmare

Attackers installed malware on the computer system for Hollywood Presbyterian Medical Center. Initial reports said the hackers were holding the facility’s EHR hostage in exchange for $3.6 million dollars – an uncommonly large sum to demand after a ransomware attack.

Doctors and nurses at the Los Angeles hospital couldn’t access patient charts, so they had no way to reference any of patients’ past visits and medical tests. They relied on faxes and paper documents. And in some cases, they even sent patients to other facilities for treatment or testing.

After several days without computer access, Hollywood Presbyterian opted to settle with the hackers, paying them $17,000 using Bitcoin, an online currency. The final price tag was much lower than the initial reported sum, but still higher than the typical ransomware payout.

In an article from the LA Times, the hospital’s CEO, Allen Stefanek, said “the quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key.”

The FBI is currently investigating the case.

Avoiding problems at your hospital

A ransomware attack could be very disruptive to your hospital’s daily operations. Resolving the problem is expensive and time-consuming, which means prevention is of utmost importance.

Hackers initially get access to hospitals’ computer systems by exploiting existing vulnerabilities and weaknesses. And one of the biggest weaknesses attackers rely on is the behavior of your people.

Malware often infects systems via suspicious links in email messages or unfamiliar pop-up menus on screens. Even if they don’t know the sender, or the message seems suspicious, staff may end up clicking on these items, which can secretly install malicious programs on computers and servers.

So it’s key to remind all hospital staff that they should never open a message or click a pop-up or link from a sender they don’t recognize. Training people to be more aware of the basic principles of network security is half the battle.

The other half lies with your IT department and vendors. Attackers can also gain entry to your hospital’s systems through security vulnerabilities in Internet-connected medical devices – or unprotected servers. Be sure all devices and hardware with online capabilities are regularly updated with the appropriate software and patches to protect against threats.

Make sure your IT department is staying abreast of the newest threats and is taking a proactive approach to network security. And check that your vendors have the same philosophy.

Can happen to anyone

It’s tempting to think a devastating cyberattack will never strike your hospital. But medical records are an attractive target for hackers to earn a quick buck, whether it’s through selling patients’ protected health information on the black market or holding this important data for ransom.

That means these attacks will likely become more common – and more costly – for healthcare facilities as time passes. So your hospital must be on top of its IT security now to avoid headaches down the line.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.