Tagged: Healthcare Security Services
It’s hard to believe, but the first quarter of 2023 is behind us and Spring is well sprung. There is an old saying when describing springtime: In like a lion, out like a lamb. I wonder if the same can be said for the state of ransomware in healthcare for 2023. At this year’s American Hospital Association (AHA) Rural Leadership meeting in San Antonio, I continually heard that a top concern from attendees is ransomware.
On January 26, 2023, the Department of Justice (DOJ) announced that, following an extensive operation, the FBI were able to disrupt the Hive ransomware gang’s operations by distributing decryption keys to numerous victims mid-attack. It has been established that Hive’s victims included hospitals, U.S. K-12 schools, and other critical infrastructure entities. The question of “if” or “when” the victim of a ransomware attack should report and involve authorities comes up during every discussion involving healthcare incident response plans.
On 04 October 2022 CommonSpirit Health announced a cyberattack affecting its system of healthcare facilities. CommonSpirit Health operates more than 1,000 care sites and 140 hospitals in 21 states, including CHI (Catholic Health Initiatives) Health and MercyOne facilities in Iowa. CommonSpirit reported on their website that the attack affected their electronic medical record (EMR) and CHI Health and MercyOne have notified their patients that patient portals, electronic prescriptions, and scheduling have been affected, with some procedures delayed.