Ransomware attacks are on the rise and are a danger to the healthcare industry. Hospitals, ambulatory surgery centers, and private practices must all take precautions to protect their data and their patients.
Data Breach on the Rise
In January 2020, healthcare data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights at a rate of more than one a day. In 2019, Health Insurance Portability and Accountability Act (HIPAA) covered entities and their business associates reported 510 data breaches. In July 2019, 11,500,000 individuals were reportedly affected by Optum360, LLC’s data breach and 10,251,784 individuals were affected by Laboratory Corporation of America Holdings d.b.a. LabCorp’s data breach.
Many data breach incidents are ransomware attacks. Ransomware attacks harm everyone. Research recently conducted by Comparitech found over 172 ransomware attacks on United States healthcare organizations since 2016. Comparitech found these attacks cost over $157 million. Taking steps to reduce the risks of data integrity attacks can significantly impact how quickly an organization can rebound from an attack, as well as mitigate the damage done by the attack.
Here are just a few of the many ransomware attacks that have happened over the last few months.
Enloe Medical Center
Chico, California-based Enloe Medical Center (Enloe) was forced to reschedule some elective procedures following a ransomware attack that affected its entire network infrastructure. It took almost two weeks for Enloe to achieve full-fledged restoration of its core systems. Upon discovery of the January 2, 2020 incident, Enloe’s comprehensive emergency protocols were immediately implemented to safeguard patient records.
“Despite this challenge to our operations, our ability to provide care for our community during this IT incident stems from our frequently practiced system downtime and data backup protocols,” said Mike Wiltermood, Enloe’s president and chief executive officer. “Our caregivers have done a remarkable job utilizing our downtime procedures to ensure patient safety while we have worked toward restoring affected systems.”
Enloe’s information technology personnel was able to get major clinical programs restored and back online within three days of the incident. Ancillary clinical programs were restored and back online shortly thereafter. At this time, there is no indication or evidence that suggests patient data was accessed or exfiltrated.
“Upon learning of this incident, we immediately took steps to restore critical operating systems and ensure the security of our network. At this point in time, we have no indication or evidence that suggests patient medical data has been compromised,” said Kevin Woodward, Enloe’s chief financial officer.
