The healthcare system deals with lots of sensitive information, which can be used to create believable identity theft attempts and insurance scams, and can even affect people’s lives and well-being. Considering the gravity of the situation, one might expect hospitals and clinics to invest more in security solutions.
However, a recent attack on the Cabrini Hospital in Melbourne, where hackers scrambled the medical files of 15,000 patients, proves otherwise. These were the patients of a specialist cardiology unit of the hospital, and staff were denied access to patient files for over three weeks.
This was a ransomware attack, since the cybercriminals demanded a ransom in exchange for the files. They also asked that the payment be made in cryptocurrency, which is a common requirement in such situations.
The Healthcare Sector under Attack
Hackers used to focus their efforts and attention on organizations and businesses. But after the Hollywood Presbyterian Hospital in Los Angeles was forced to pay $17,000 in Bitcoin to hackers in order to regain control over its own network, healthcare sectors everywhere have become a target.
These security breaches stem from the WannaCry 2017 ransomware attack, which had implications at a global level. The attack hit Britain’s National Health Service quite strongly, since it is estimated that over 70,000 hospital devices in England and Scotland were affected.
As a result, operations were canceled, some ambulances were turned away from hospitals, and even emergency centres had to be closed.
Is Paying the Ransom a Solution?
With every ransomware attack, the affected hospitals or clinics paid the ransom in order to get back their files. The same happened in the Cabrini Hospital case (allegedly), but the recovery process was not complete. Some of the files couldn’t be unscrambled, and many patients’ sensitive information is still exposed to identity theft.
Furthermore, hospital representatives failed to inform affected patients about the situation. Some patients know their data have been lost, but they didn’t receive a pertinent explanation. Also, hospital appointment records were affected.
Even though the proper authorities have been notified, the hospital will, according to current security laws and regulations, have to post information about the data breach on its site and let the patients know about the situation.
Make Sure This Doesn’t Happen to You
According to the hospital’s spokesperson, the ransomware probably got into the hospital’s network via an email or an infected web page that was accessed by a staff member. This shows that everyone is at risk when it comes to data security.
It also shows that the hospital was missing two very important requirements:
- A correct level of IT security (antivirus software is not enough). Onsite Helper recommends multiple layers of security.
- An effective disaster recovery or disaster continuity process.
If these two levels had been in place at the moment of the attack, this entire situation could have been avoided. The Onsite Helper team specializes in providing both of these services to customers, so if you want to avoid such a disastrous scenario for your business, get in touch with us today!