'We're not going to solve this through magical thinking': What hospitals need to combat cyber threats

Becker's Hospital Review

Laura Dyrda

Two health systems experienced cyberattacks in September that forced their IT networks offline for multiple days.

On Sept. 20, Nebraska Medicine reported it was forced offline due to a security incident. The health system also provides EHR support for several other Nebraska-based hospitals and health systems, forcing them offline for a week to 10 days while the systems recovered.

King of Prussia, Pa.-based Universal Health Services reported an IT security incident on Sept. 27 that shows the characteristics of a ransomware attack. "Many ransomware attacks today have evolved to double extortion. Usually, the attacker would exfiltrate a copy of the data before encrypting them," said Bindu Sundaresan, director of AT&T cybersecurity. "This way, the attacker not only prevents the victim from accessing their data, but also keeps a copy of the data for themselves. In order to claim responsibility and pressure the victim during the negotiation process, the attacker will often release small portions of the data online. If the negotiation turns out badly, the attacker then publishes all of the exfiltrated data or sells them to third parties."

The attacks are essentially a combination of...

Get the Morning Update

Thanks for subscribing!