Cybersecurity Awareness Month: Keeping our patients safe through data protection

IT & Epic

October is national Cybersecurity Awareness Month. Cybercrimes are a constant threat, and health systems are among the most frequently targeted entities. To keep our health system and our patients safe, we’ll be sharing information on some of the most relevant cybersecurity topics each week in October.

As a health system, we must maintain adequate protection for the sensitive data we manage, both to protect ourselves and to protect the patients we care for.

Cyberattacks not only disrupt healthcare providers, they also disrupt patient care. Hypothetically, if a Ballad Health provider were phished and had their credentials stolen, a hacker could use those credentials to log into Epic and access patient information to sell on the black market. Even more dangerous, a hacker using those credentials could potentially change a patient’s medication or procedure, or discharge the patient prematurely.

According to a research study published in September 2021 by the Ponemon Institute, approximately 43% of the 600 healthcare IT professionals surveyed said they had experienced a ransomware attack within the last two years that disrupted the ability to care for patients. Of those who experienced a ransomware attack:

  • 70% said the attack led to delays in procedures and tests, resulting in poor outcomes.
  • 36% said the attack led to an increase in complications from medical procedures.
  • 22% said the ransomware attack led directly to an increase in mortality rate.

A ransomware attack impacts patient care as well as an organization’s ability to operate.

Devastating data breaches in healthcare

Trinity Health breach — In 2020, Michigan-based Trinity Health experienced a ransomware attack within one of its customer-relations vendors. This attack compromised more than 10 million records, including protected health information, social security numbers and financial payment data.

AMCA breach — Usually, hackers who steal patient information will sell it on the dark web. For example, in 2018, hackers breached the American Medical Collection Agency (also known as AMCA) and stole patient data that was later listed for sale on dark web forums. When AMCA’s four largest clients terminated their agreements, AMCA was forced to file for bankruptcy.

Anthem breach — In 2015, the largest healthcare industry cyberattack in history occurred when hackers used a phishing email to gain access to insurance provider Anthem’s corporate databases, which contained sensitive patient health information. The hackers stole nearly 79 million records, including employee data, insurance numbers, medical IDs, income data and more. Anthem agreed to pay $115 million to resolve litigation resulting from the attack and was ordered to triple its cybersecurity budget.

HCA Healthcare breach — One of the most recent cybersecurity attacks was discovered on July 10, 2023, by HCA Healthcare. This attack on the Nashville-based company centered on the exposure of protected health data due to insufficient access controls within an automated email process and a failure to implement reasonable security practices to monitor and control external access. This attack could impact as many as 11 million people and ranks in the top five breaches of healthcare data. Litigation and fines from this attack are still unknown.

A few safety tips

Ballad Health’s IT department has numerous safeguards and protections in place to keep our data safe. But it’s also up to each team member to do their part.

  • Create a strong password or, even better, create a passphrase.
  • Always be wary of clicking on any attachment that comes with a suspicious email. Before clicking on a link, hover over it with your mouse WITHOUT clicking or tapping on it. When you hover over the link, the cursor will change from a pointer to a small hand and the webpage address your browser will actually open will be shown. If you don’t recognize that address or are not expecting the link, don’t click on it.
  • Remember, it’s not the email address you should hover over with the cursor – it is any suspicious link within the email. You should also verify that the sender’s email address is one you recognize, especially if the sender purports to be from within Ballad Health. Also, if the message has the yellow-colored warning banner at the top, you know this email originated from an email system external to Ballad Health.
  • When reading a link, double-check it to make sure it’s spelled correctly. If it’s not, don’t click on it.
  • Don’t trust messages that attempt to get you to reveal any personal information.
  • Guard your personally identifiable information (PII) by limiting what information you share online.
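The hover check and the spelling check in the tips above can also be automated for a mail gateway or a security team triaging Phish Alert reports. The script below is an added example, not Ballad Health code: it pulls every link out of an email’s HTML body, compares the address the reader sees (the link text) with the address the browser would really open (the href), and flags hosts that imitate a trusted domain or point at a bare IP address. The trusted domain list and the sample email are constructed assumptions for the example.

```python
"""Flag suspicious links in an email's HTML body (added example).

For each <a> element the script compares the visible link text with the real
href, then checks the real host for look-alikes of a trusted domain.
TRUSTED_DOMAINS and SAMPLE_EMAIL are constructed for this example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own domain(s); replace with your real ones.
TRUSTED_DOMAINS = {"balladhealth.org"}

# Link text that itself looks like a web address, e.g. "www.example.org/login".
URL_TEXT = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased web host of a URL or bare address; '' for mailto:/tel: etc."""
    url = url.strip()
    if not url.lower().startswith(("http://", "https://")):
        if re.match(r"^[a-z][a-z0-9+.\-]*:", url, re.I):
            return ""  # non-web scheme: no host to compare
        url = "http://" + url  # bare 'example.com/path' as written in link text
    return (urlparse(url).hostname or "").lower()


def edit_distance(a, b):
    """Levenshtein distance, used to catch typo-squats like ba11adhealth.org."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def lookalike_of(host):
    """Return the trusted domain this host imitates, or None if it does not."""
    if is_trusted(host):
        return None
    registrable = ".".join(host.split(".")[-2:])  # crude: last two labels
    for domain in TRUSTED_DOMAINS:
        brand = domain.split(".")[0]
        # (1) brand name buried in another domain, (2) within two edits of it
        if brand in host or edit_distance(registrable, domain) <= 2:
            return domain
    return None


def audit_links(html):
    """Return a list of (href, reason) findings for one email body."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        if not target:
            continue
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", target):
            findings.append((href, "link points at a bare IP address"))
        if URL_TEXT.match(text) and host_of(text) != target:
            findings.append((href, f"displayed address '{text}' differs from real target {target}"))
        imitated = lookalike_of(target)
        if imitated:
            findings.append((href, f"host {target} imitates {imitated}"))
    return findings


# Constructed sample: a credential-reset lure, a bare-IP link and one genuine link.
SAMPLE_EMAIL = """
<p>Your password expires today. Sign in at
<a href="http://ba11adhealth.org/login">https://www.balladhealth.org/login</a>
to keep access.</p>
<p>Or use the <a href="http://203.0.113.7/portal">patient portal</a>.</p>
<p>Questions? See <a href="https://www.balladhealth.org/it">IT help</a>.</p>
"""

if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_EMAIL):
        print(f"{reason}: {href}")
```

The first sample link trips two checks (the text says balladhealth.org while the real target is a typo-squat), the bare-IP link trips one, and the genuine link trips none. The look-alike heuristics are deliberately simple; a production filter would also consult a current list of the organisation’s domains and a reputation feed.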

Please remember: If you receive a suspicious email or an email containing a suspicious link, you should use the Phish Alert function in Outlook to notify our IT security team.