Data breaches, ransomware and other cyberattacks on healthcare organizations have been increasing, and the COVID-19 pandemic has seen a bigger surge of such attacks on the healthcare sector. While some cybercrime gangs have sworn off attacking these facilities because they provide critical services, others view hospitals as easy targets, seeing them as weak and distracted by the pandemic. Tens of thousands of patient records are being stolen and published on the dark web every week.
Here are some of the significant attacks on healthcare providers in the last few months.
Leon Medical Centers and Nocona General Hospital
A breach affecting about 500 individuals saw patients' records stolen from Leon Medical Centers and posted on the dark web. Leon Medical Centers serves eight locations in Miami, Florida; Nocona General Hospital has three locations in Texas. The stolen data includes scanned diagnostic results and letters to insurers containing personally identifiable information such as name, contact information, social security number, financial information, date of birth, insurance information, etc.
At Leon Medical Centers, the data was stolen in a ransomware attack in November 2020, which the hospital officially announced in January 2021. A cybercrime gang known as ‘Conti’ was behind the attack. They are said to have demanded a ransom payment in return for a decryption key and have promised not to publish the Nocona has not published a breach disclosure on its website yet. An attorney for the hospital chain has said that the company was not a victim of ransomware. These breaches of healthcare providers are just the tip of the iceberg.
The University of Vermont Health Network
The hospital was forced to shut down its IT system after identifying a cyberattack on October 28, 2020. The attack infected 5,000 network computers. The system outage lasted for more than 40 days, and the health system reassigned or furloughed around 300 workers who were unable to do their jobs as a result of the computer outage. The UVM Health Network brought in the National Guard’s cybersecurity unit to help restore the computers. During the outage, the health system postponed some services. The health system was estimated to lose $1.5 million per day in revenue and extra expenses, and the entire incident was expected to cost more than $63 million by the time it was resolved.
Ryuk ransomware affected six hospitals in the U.S. for over 24 hours. The attacks began on October 26, 2020, and the federal government reported the hit in an advisory on October 28. A list of 400 targeted hospitals was circulated among Russian hackers. A few hospitals self-reported IT outages due to ransomware during that time, including Sky Lakes Medical Center in Oregon and St. Lawrence Health System in upstate New York.
Sky Lakes Medical Center eventually purchased 2,000 new computers as a result of the attack. In response to the attack, unaffected health systems across the U.S. took preventative measures, including pre-emptive email shutdowns and tightening network security to protect against future attacks.
In the past, the federal government has issued a cybersecurity warning to healthcare providers about “credible, ongoing and persistent” threats, encouraging cyber teams and companies to continuously monitor their networks and systems and proactively look for issues so they can respond quickly. Cybersecurity programs should include a very detailed and robust security awareness program, as nearly all cyberattacks are initially carried out through a single user’s action. Software provided by SureShield can protect healthcare organizations and assist in implementing an enterprise-wide risk management plan. Given the alarming healthcare data breach statistics in 2020, it is important that organizations mitigate cybersecurity risk by:
- assessing the level of liability on endpoints and stratifying risk
- securing local copies of data using transparent encryption
- purging unnecessary data to reduce the amount of information stored at endpoints
- monitoring third-party downloading of PHI on any device