Cybersecurity and Hospital Systems
by Charles Parker
Hospital systems are a treasure trove of data. You know the patient’s name, social security number, address, medical records and identifiers, and other information that can be sold in mass, or divided into section for separate sales. With this area of operations, the data is critical for patient care. This provides leverage for any attacker. If they can remove access to the data and network, through an example of ransomware, the facility would be desperate to get this back online and may be more likely to pay a ransom if there is no access to viable back-ups.
The University of Florida Health System recently had the opportunity to work through this portion of their incident response plan. This did affect the services at the two locations targeted and successfully attached. The two locations of UF Health were Leesburg and The Villages. The attackers were able to shut down their systems. Other than the successful attack itself, it is surprising this is not the first time in recent history this occurred, with the prior occurrence last August.
With two events of this nature occurring within one year, it appears there needs to be additional training for staff or the network needs to be improved.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.