Cybersecurity and Hospital Attacks
Hospitals still attacked
One industry that continues to be attacked, and with growing numbers successfully, are hospitals and the medical field. Their data continues to be valuable with the immediate uses and to be dissed and sold several times across the dark web. A method commonly used includes with these attacks is ransomware. The attackers are able to encrypt files, folders, and entire systems and demand a fee, or in addition exfiltrate the data and demand a fee for not publishing this in the public forums. The Sky Lakes Medical Center recently had the opportunity to deal with this issue, arising from their successful attack. Sky Lakes Medical Center is located in Klamath Falls, Oregon.
Data Security Incident
As with any breach, the operations get pretty exciting after one is detected. After all, an unauthorized party is in your system doing who knows what for an indeterminant amount of time. This is especially the case with a healthcare facility due also to a few federal statutes focused on ensuring patient’s data remains private and confidential. In this case, several computer systems were encrypted as part of the attack. The issue was discovered on 10/27/2020. As an initial step, the organization contracted with a cybersecurity firm to investigate the breach.
There was a limited amount of data involved with the breach. The attackers were able to access a limited number of older medical images. Due to the age of these, the effect may be moot. It is fortunate the attackers were not able to access the other areas holding much more current patient data.
The systems were brought online to continue the facility’s operations. There, also, fortunately, was no evidence any of the accessed data had been misused. To improve the security stance, the organization has taken additional safeguards and added technical security features. At this point, the information published was lacking. For example, the breached systems were not named, if the hospital used recent back-ups or paid the ransom, or if this was accomplished from a phishing email. Regardless of the method, this still shows the importance of employee training and checking your back-ups regularly.
Hottman, T. (2020, December 24). Sky lakes medical center identifies and addresses data security incident. Retrieved from https://www.skylakes.org/news/releases/sky-lakes-medical-center-identifies-and-addresses-data-security-incident/
Klamath Falls News. (2020, December 24). Sky lakes medical center identifies and addresses data security incident. Retrieved fromhttps://www.kalmathfallsnews.org/news/sky-lakes-medical-center-identifies-and-addresses-data-security-incident