Skip to main content
Skip to footer

Combatting ransomware attacks on health care providers

Estimated read time: 3 minutes

by Jon Chi

Published on 10/26/2020

The most recent HIMSS Cybersecurity Survey found that 82% of hospital technology experts reported a “significant security incident” in the last year. More health care providers are at risk of being locked out of hospital records and even losing control over life-saving medical devices – unless they meet a hacker’s demands, monetary or otherwise.

The American Hospital Association considers a ransomware attack on a hospital to be a threat-to-life crime. Attacks like these interfere with a hospital’s ability to provide care, which puts patient safety in jeopardy. In Germany, a September attack sadly provided confirmation of the AHA’s notion; it’s believed to be the first cybercrime to lead to a patient’s death.

The demands placed on health care systems by COVID-19 have only left providers more vulnerable to cyber risks. With the increase in telehealth visits and shift to a remote workforce, a care provider’s network is expanded, which opens the door to more cyberattacks. Hospitals continue to be stretched thin ─ from patient surges, limited beds and overworked and emotionally fatigued clinicians, to financial and operational strain and ever-changing compliance and regulatory demands. 

Care organizations are juggling this taxing and emotional environment while trying to remain steadfast in protecting their data and devices from cybercriminals who are increasingly skilled, targeted, sophisticated and looking to exploit a chaotic environment.

It starts with a click

A ransomware attack starts when someone receives a phishing email and clicks on the provided link. This act allows a cybercriminal to install malware and gain access to security credentials and even access a provider’s network, which can lead to a host of operational and safety issues, including:

  • Network outages
  • Locked electronic health records and clinical systems
  • Forced closure of a health care facility
  • Stolen patient data
  • Compromised patient health and safety

Boost internal security measures

Minimizing the risk of a cyberattack starts inside a health care organization. Hospital administration must lead by example and make cyber safety part of the culture. Health systems should conduct ongoing education to inform employees of the risks and the severity of potential consequences.

Along with full staff participation, providers can also beef up security with multifactor authentication – such as a token or smart card – to provide an additional layer of protection when hospital staff enters their network sign-on and password. In addition, health systems should make it mandatory for all vendors to have the appropriate security credentials. 

An extension of the IT team

Cerner and Fortified Health Security have joined forces to give health care providers a comprehensive approach to cybersecurity and to be an extension of their IT team. Through this collaboration, Cerner supports the security posture of health systems with Fortified as a managed security services provider (MSSP) that can supply tools to deter cyber threats and offer services, such as:

  • Ongoing risk assessment and mitigation
  • Vulnerability threat management
  • 24/7 security operations center and event monitoring
  • System penetration testing to identify strengths and weaknesses in IT systems, networks and infrastructure
  • Phishing and security awareness training
  • Security program development advisory services

The pandemic has placed overwhelming demands on health care systems, and the need for comprehensive cybersecurity measures has only accelerated. With monitoring, vendor credentialing, establishing a culture of cyber safety and the expertise of an MSSP, health care providers can stay focused on delivering quality patient care – even in the most chaotic of environments.

From managed services to purpose-built security solutions and compliance preparedness, Cerner provides the expertise and unique approach to cybersecurity necessary to help keep your data and your patient’s data protected. Learn more here.

More like this: