- This topic has 5 replies, 4 voices, and was last updated 2 years, 10 months ago by Saranath.
2021-09-22 at 5:56 pm #31511 Napisa Freya Sawamiphak (Participant)
Case Study 4: Cyberattack Impacting Memorial Health System’s Patient Services
Brief description of the story (1)
Memorial Health System experienced a cyberattack on 15 August 2021, resulting in information technology (IT) system failures. The IT security incident did not disclose any patient or employee data. However, it disrupted the clinical and financial operations. The hospital suspended access to IT applications and worked with the IT security team and the government to restore the system and investigate this attack. In the meantime, the hospital was using paper charts, cancelled urgent surgeries and radiology exams, rescheduled patients’ visits due to no available historical patient information, and diverted patients to other locations for emergency departments. However, primary care appointments were held as scheduled.
The impact and consequences of the data breach
• The data breach forced the hospital to suspend some operations such as urgent surgeries and radiology exams. The hospital needed to reach out to patients to reschedule patients’ visits and diverted patients for emergency departments. They used physical charts while restoring the data. (1)
• It was updated later that the Memorial Health System announced it had reached “a negotiated solution”, which sounds like a ransom payment to resolve this issue. (2)
How the data breach occurs and the main cause of the data breach (3)
Based on the update from the cybersecurity division of the FBI, Memorial Health System was possibly hit by ransomware from the Hive ransomware organization. The FBI mentioned that the Hive ransomware is targeting healthcare systems and using various tactics such as phishing emails with malicious software. The ransomware can encrypt all files and block the organization from accessing the data in the system.
How to prevent this data breach attack
From my perspective, ransomware can be prevented by the following suggestions.
• Encourage employees to take precautions against phishing emails and provide cybersecurity training
• Develop a safety and security system, for example, using multi-factor authentication and frequently conducting data backups into the cloud or another storage device that is not connected to the central system
• Develop a Disaster Recovery Plan (DRP) or Business Continuity Plan (BCP) to handle emergencies
• Build an organization policy and culture to report suspicious events or phishing emails regularly and block those suspected email addresses or websites
Reference
1. Health IT Security. Cyberattack Impacting Memorial Health System’s Patient Services [Internet]. Health IT Security. 2021 [cited 2021 Sep 22]. Available from: https://healthitsecurity.com/news/cyberattack-impacting-memorial-health-systems-patient-services
2. Memorial Health System Hit By Ransomware | Avast [Internet]. [cited 2021 Sep 22]. Available from: https://blog.avast.com/memorial-health-system-hit-by-ransomware-avast
3. FBI warns healthcare systems of Hive ransomware following Memorial Health System attack | Fierce Healthcare [Internet]. [cited 2021 Sep 22]. Available from: https://www.fiercehealthcare.com/tech/fbi-warns-healthcare-systems-hive-ransomware-following-memorial-health-system-attack
-
2021-09-22 at 8:16 pm #31525 Auswin Rojanasumapong (Participant)
The disaster recovery plan is very important even for normal situations when there is no cyberattack event. Hardware failure, power outages, and other scenarios that interrupt the system can cause the workflow of the whole hospital to stop. Having a backup server or a plan to use manual paper-based input to run the hospital is still necessary.
-
2021-09-22 at 10:38 pm #31563 Napisa Freya Sawamiphak (Participant)
Thank you Auswin.
For other friends, I would like to add more information. From the updated report, the FBI mentioned ransomware in this case but doesn’t explain the cause of this ransomware attack clearly (perhaps by a phishing email). Please feel free to share if you get new info!! Thank you.
-
2021-09-23 at 1:19 am #31573 Tossapol Prapassaro (Participant)
Thank you for sharing. Another method to prevent ransomware might be to set up a firewall to run deep package inspection (DPI) to detect packages with infected software. Finally, setting up your network in segments with individual security controls might work for preventing the collapse of the whole system, while the subsystems can still work.
-
2021-09-23 at 4:43 pm #31600 Napisa Freya Sawamiphak (Participant)
Thank you K’Tassapol. I like deep package inspection (DPI) and segmented network ideas!!!
-
2021-09-30 at 6:25 am #31736 Saranath (Keymaster)
Thanks all for sharing!