Healthcare Compliance Perspective:
Healthcare providers are unfortunately a vulnerable target for malicious ransomware attacks. It is essential to first have a policy and procedure in place to address potential Ransomware attacks and then educate all staff members on their role under this policy. It is important to consider how operations would continue within your organization if a Ransomware attack rendered your computer systems temporarily useless.
An Indiana hospital experienced a ransomware attack on its computer system and the attacker demanded their ransom payment in Bitcoin-a virtual currency that is used to execute anonymous and difficult to trace transactions.
The attack was realized soon after hospital IT employees noticed that the network was running abnormally slow, and a message appeared on a computer screen advising that parts of the hospital’s computer system were being held hostage until payment in the form of Bitcoin was received.
The employees shut the network down immediately and the FBI was brought in to discover the identity of the attacker. In the interim, hospital doctors and nurses have reverted to keeping handwritten notes on patients and procedures.
The hospital’s leaders have not revealed any details about the attack or the amount of the ransom demanded except to notify affected areas that include the hospital’s entire health network, physician offices and wellness centers to make sure that all computers are shut down and turned off.
There have been a couple of other Indiana hospitals that have experienced ransomware attacks in the last couple of years. One of the hospitals paid a $200,000 ransom last year, and another was attacked but did not pay a ransom.
These attacks are frequently due to the unsuspecting opening of a malware-infected email; however, in this instance officials do not believe that occurred. The security breach was a sophisticated one that the FBI is familiar with. It is also not believed that any personal medical information was accessed by the attackers.
