Cyber Carriers are Parked off the coast and they are attacking healthcare. It might be a provocative statement if it weren’t true. Consider..
What would we do if a foreign or even domestic group or person were to walk into a hospital or group of hospitals and walk down the hall to the HIM department and set fire to all the records completely destroying them. How about once they were done they where to head over to the data center and kick on the sprinkler system making the computers nothing more than paper weights. Then they walk out the front door.
Well it is happening and it is happening with more frequency and to bigger targets.
Imagine the next time you go to your health system to find out that all your medical history is gone. Records, Images, all of it.
Today we go through the most recent breaches in healthcare and it would indicate that someone has declared a cyber war on healthcare.
Today in health. It, the story is security events, Roundup. This is from
healthcare it security news.
My name is Phil Russell. I’m a former CIO for a 16 hospital system and creator of this. We can help it. A channel dedicated to keeping health it staff current and engaged. You may not have time to listen to every show that we put out on this week in health it, but we developed clip notes to keep you informed. It’s an email that goes out 24 hours after each show airs.
On the channel with a summary bullet points and two to four short video clips.
You can subscribe on our website this week. health.com. Just click on the subscribe button in the upper right-hand corner or better yet. Have your team subscribe and start discussions around these topics. All right. Here’s today’s story. This week’s. Breach Roundup from healthcare. It security. news.com and there’s really a lot going on.
Let’s see, first of all, Scripps health in San Diego was hit by a ransomware attack over the weekend, forcing the health system into EHR downtime. Some critical care patients were diverted and online patient portal has been taken offline according to local news outlet, San Diego union Tribune. When the appointments were also postponed, do the cyber attack, which disrupted operations at two of script’s four main hospitals.
And backup servers that reside in Arizona. Providers and other clinicians are leveraging paper records. As telemetry has been impacted at most care sites. Access to medical imaging also appears to be down. Reports say all four hospitals and Encinitas. LA Jolla, San Diego and Chula Vista were placed on emergency care diversion for stroke and heart attack patients.
Who were diverted to other medical centers when possible all trauma patients were also diverted. The script’s website was also down. At the time of publication, outpatient, urgent care centers, scripts, health express locations, and emergency departments remain open and are accepting patients. Fall enforcement, inappropriate government agencies have been notified. This piece will be updated as more information becomes available.
All right. That’s the first one second one PA health department contact tracing data leak. By third-party vendor error, the data of 72,000 individuals who use the Pennsylvania health department’s contact tracing app was exposed after a third-party error, the vendor insights global. I was contracted by the state health department for contact tracing services for now. It appears.
The compromised data include the names of individuals who were potentially exposed to COVID 19. Positive or negative test results, any experienced symptoms, household members, and some contact information for those. With specific social support service needs.
All right. Wyoming health department employee error exposes data of 164,000 patients on March 10th. Officials discovered that an employee unintentionally uploaded 53 files containing COVID 19 in influence a test result data, and one file containing breath, alcohol test results. To private and public get hub storage data repositories the incident resulted in data being made available to those without authorization and began as early as November 5th of 2020.
Next one health center partners added to net gain victims. The data of 293,000. Health center partners of Southern California patients was compromised during a ransomware attack. On net gain technology in September of 2020 ACP supports community health centers with a variety of services. Nikki notified ACP that an attacker gained access
to the vendor environment
between October 22nd and December 3rd, 2020. During that time, the actors stole a trove of patient data, including patient information, belonging, to HCP Nikki, and paid the ransom in exchange for the assurance that the hacker. We’ll delete all copies of the data and that it will not publish, sell, or otherwise disclose the data.
The vendor has continued to monitor dark web channels to ensure that data has not been disclosed so far, the attackers have upheld the agreement. However, it is important to note that cov ware has routinely stressed. That victims should not pay the attackers. As they more often than not, can not be trusted. Go figure.
HME specialists, email hack impacts hundred and 53,000 patients. New Mexico based HIV specialists. Recently notified 153,000 patients. Their data was potentially compromised after a hack of several employee email accounts. A phishing attack on river Springs health, . The data of roughly 31,000 patients ever spring health in New York was recently compromised after successful phishing attack on one employee email account in September of 2020. Mail my prescriptions.com. Email hack impacts 31,000 individuals. An email hack, a pharmaceutical company mail. My prescriptions.com potentially compromise the data of 31,000 individuals. That’s about all of them in that story.
What’s my, so what on this. My so wide is pretty straightforward and it might be a little alarming, but I I’m gonna just gonna go ahead and say it right now. We are under attack.
There are cyber carriers parked off of each coast. And in the Gulf of Mexico, they are launching a tax daily, hourly, constantly on health systems across the country. It used to be, they wanted to steal the data, but now they moved to flat-out extortion. Give us the money or we will destroy the data.
All of it. Several health systems have experienced the full force of these tacks. They have lost medical records, images, and all supporting health data. Again, all of it gone forever. This is not a game. We are at war except we don’t fight back.
We are in a constant defensive position. The attacks keep coming and we have to defend.
One mistake and they gain a foothold to mistakes and they get embedded any more than that. And you’re the next headline? What can you do ask yourself beyond the normal platitudes of I have a great team. Do you have a team that you would go into battle with? Do you trust them to protect your health systems, data, your community’s data, your family’s data.
This is not a time to play manager. This is a time to be a leader. Do you have the team that can defend the house as some from seasoned cyber criminals, if not stop playing around and get help. No. When you were outmatched and call for reinforcements. All of the large health systems have consultants in this area. All of them.
Change your perspective on this start with this premise, . They are already inside your network. Now find them. .
No, that the best offense is architecture before they attack. Have you protected the crown jewels of your health system? You know, It’s one thing to get into the network. It’s quite another to actual trade data. It’s quite another to destroy the data with no means to restore it. This starts with design. Create the firewalls between systems between data, between live and protected copies. I used to hate cyber speeches like this one, I thought they were overzealous ex special ops wannabes that wanted to scare us into action. These people will feel like a nuisance during a perceived peace time, but they’re often the ones that see what we don’t see and sound the alarm well before we heed their warnings.
It’s time. We are at war it’s time to act like it. That’s all for today. If you know someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week. health.com or wherever you listen to podcasts, apple, Google, overcast, Spotify, Stitcher, you get the picture. We are everywhere.
We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders. VMware Hill-Rom 📍 Starbridge advisors, McAfee and Aruba networks. Thanks for listening. That’s all for now.