Healthcare and Cybercrime

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning U.S. hospitals and healthcare providers of an increased and imminent cybercrime threat to them.

Let us go back before we tackle the paragraph above. Since the days of the Electronic Health Records (EHR) incentive and Meaningful Use, we have always found an interesting dynamic:

  • Healthcare professionals and organizations must share their data with others and create portals for easy access.
  • Healthcare professionals and organizations must protect their data from others and ensure that only the required information is shared with the right individuals.

In addition to the above, technology is changing by leaps and bounds, with multiple devices having the capability to receive and store patient information. Now, with the expansion of the telemedicine field, we are seeing more and more use of technology to connect, acquire and share data with others.

Now, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services are warning of an increased and imminent threat to healthcare professionals and organizations. That warning should be considered redundant, as it is obvious that the cyberthreat and the attacks continue to increase. Yet the number of successful attacks may be interpreted as a sign that additional communication and resources are needed to prevent and slow down this trend.

To enlighten our readers, we picked 10 random cases of organizations that experienced malware, ransomware and/or phishing incidents during the first half of 2020.

  1. University of Florida, UF Health Shands in Gainesville and UF Health Jacksonville all reported email hacking incidents associated with an attack on a business associate that affected thousands of individuals.
  2. Florida Orthopaedic Institute found that some personal information had been exposed during a ransomware attack on encrypted data stored on its servers.
  3. University of California San Francisco paid $1.14 million to hackers after a ransomware attack on its medical school’s computer servers.
  4. Miami-based Cano Health reported a data breach that affected 28,268 individuals.
  5. A data security incident involving Care New England’s computer system caused the Providence, R.I.-based health system’s website to experience downtime for nearly a week.
  6. CHI St. Luke’s Health-Memorial Lufkin (Texas) began notifying patients June 19 that an unauthorized third party gained access to patients’ protected health information in April.
  7. Netwalker, a ransomware operator that threatens to publish data online if ransoms aren’t paid, hacked Springfield, Pa.-based Crozer-Keystone Health System and is auctioning off its data online.
  8. Albuquerque, N.M.-based Presbyterian Healthcare notified 183,000 patients that their private information was breached in a second email hack last year.
  9. The email account of an employee at Oswego (N.Y.) Health was compromised by someone not associated with the health system who sent out emails containing a link to a possibly malicious site.
  10. MU Health Care in Columbia, Mo., notified patients of a data breach that occurred in September 2019, in which students created email accounts with a third party but used the same username and passwords as their university email accounts. The university email accounts containing patient information may have been compromised when an unauthorized user breached the third party’s system.

Based on the information presented here, we consider that the next question is: what can we do to prevent and slow down this trend? This is the easy part, as we can refer you to some resources worth checking:

We also recommend visiting CISA’s Ransomware webpage for additional information.