Ransomware Threatens More Than Livelihood - It Threatens Lives

by ih-coc admin

Ransomware does a lot more than hurt your organization’s bottom line. It can actually put the lives of hospital patients at risk. And we’re not talking about just privacy concerns this time. A news story from earlier in October painted a truly frightening and all-too-real scenario: patients being sent away because hospital systems were down.

Here’s an overview of what happened.

Which Hospitals Were Hit with Ransomware?

A total of ten hospitals were infected at around the same time. Seven of them were in Australia, and three were here in the U.S., in the state of Alabama. The two groups are not suspected to be the work of the same attacker, but all ten were forced to take the same drastic actions. All three hospitals that make up the DCH Health System in Alabama were closed to new patients when the attack paralyzed the health network's computer system.

At the time this news broke, the hospitals - DCH Regional Medical Center in Tuscaloosa, Northport Medical Center, and Fayette Medical Center - were forced to turn away all but the most critical new patients. Non-critical patients were diverted to nearby hospitals, and even some emergency patients were relocated once they were stabilized.

How Did the Hospitals Respond?

DCH representatives wrote in a release that a criminal was limiting their ability to use their computer systems in exchange for a payment amount that was not known at the time. Eventually, the Alabama hospitals felt they had no choice but to pay the ransom demands in order to obtain the decryption keys necessary to rebuild their networks. The Tuscaloosa News reported that DCH officials made a payment to the people responsible for the ransomware attack, but didn’t state how much was paid. According to a statement from DCH, “this included purchasing a decryption key from the attackers to expedite system recovery and help ensure patient safety.”

How Can HIPAA Compliance Prevent Ransomware?

According to an FAQ published by DCH, the strain of ransomware that hit the hospitals is known as “Ryuk,” which specializes in burrowing deep into infected networks to exact big payments. Thus far, Ryuk has nearly always been associated with phishing campaigns directed at employees of target companies. The United States’ healthcare system is one of the largest targets by far for such campaigns, and it’s quite possible that strict adherence to HIPAA guidelines could have prevented this attack altogether.

We’ve reached a tipping point in the world of cybersecurity and data protection. It’s no longer just about protecting privacy. Even though the leaking of patient data can most certainly ruin lives, we are now seeing examples of how this battleground can physically endanger lives. You can be sure to see more such examples as technology continues to evolve.

How can organizations expect to adapt to new challenges by applying new safeguards if they’re not yet following the standards that are already in place? HIPAA exists for a reason.

Take Action Now

Does your organization have a fully implemented HIPAA Risk Management Plan that includes how to address ransomware attacks? If not, we can develop one for you as part of our comprehensive package of HIPAA services. Give us a call today at 800-733-6379 or drop us an email at info@cchipaa.com for a free initial consultation.