
Although Hollywood Presbyterian Medical Center became something of a poster child for ransomware’s impact on hospitals when it agreed to hackers’ $17,000 ransom demand to end an attack on the medical center’s computer system, testimony from its CIO Steve Giles on the experience helped spur California legislators to pass a law making it a crime to knowingly introduce ransomware into a computer or network.
For anyone who thinks Hollywood Presbyterian was an isolated incident, panelists at CableLabs’ Inform[ED] Connected Healthcare conference in New York discussing the topic of cybersecurity could assure them that all institutions are vulnerable. Ransomware attacks are an issue every hospital has to contend with. But those efforts can’t be limited to hospitals’ IT departments.
Kathy Hughes, Northwell Health Chief Information Security Officer in Melville, New York, observed that hospitals need to have top-level coordination and collaboration.
She recalled an exercise to improve understanding and awareness of what phishing attacks looked like by creating fake emails for 600 people that looked like realistic offers. “Of the 600 people we targeted we got 14 replies. That is 14 replies too many.”
But even if corporate email is protected and staff is trained to know what not to open, personal email can be another entry point for malware.
Hughes emphasized the need for healthcare facilities to arm themselves with layers of protection rather than creating a barrier, because layered defenses are more difficult to penetrate.
Although many think of cyber attacks on hospitals as a fad, Timothy Torres, Sutter Health Senior Deputy Chief Information Security Officer, noted that the economics suggest otherwise: when it comes to cybercrime, there is more money to be made in healthcare, so it will continue to be a growing, troublesome problem for the healthcare industry.
“Sutter Health has had and does deal with ransomware attacks and has had to deal with it… The problem is that you can have an amazing backup system and systems in place to detect and deter [would-be criminals], but you also have to identify which [medical] devices are vulnerable,” Torres said.
Hughes noted that hospitals, from the CEO down, need to understand the risks they face and work together to constantly improve their defenses. She spoke to the need to have complete buy-in from all stakeholders and a clear idea of what success would look like.
To underscore the sophistication of the cybercrime world, Hughes painted a picture of the “dark web” in a short conversation after the panel discussion that sounded like the cybercriminal equivalent to Diagon Alley from the Harry Potter series.
She described websites where ransomware can be purchased online. The producers offer guarantees that it will work and even provide customer support. And they are constantly releasing new variants of their software.
“All the technologies in the world won’t prevent anyone from acting maliciously,” she said. Although in the retail sector some security software companies dominate, she noted that the predominance of fractured systems in healthcare makes it more vulnerable to cybercrime.