Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label US Hospital. Show all posts

Hospitals Paralyzed by Cyberattack, Emergency Services Diverted

Several hospitals in Pennsylvania and California were compelled to close their emergency departments and redirect incoming ambulances due to a recent uptick in cyberattacks, which created a frightening situation. The hack, which targeted the healthcare provider Prospect Medical Holdings, has drawn attention to the fragility of essential infrastructure and sparked worries about how it would affect patient care.

The malware hit Prospect Medical's network, impairing its capacity to deliver crucial medical services. No other option was available to the hospitals that were impacted by the attack other than to temporarily close their emergency rooms and divert ambulance traffic to other hospitals.

The severity of the situation cannot be understated. Hospitals are at the heart of any community's healthcare system, providing life-saving treatments to patients in their most critical moments. With emergency rooms rendered inoperable, the safety of patients and the efficacy of medical response are compromised. Dr. Sarah Miller, a healthcare analyst, voiced her concerns, stating, "This cyberattack has exposed a glaring weakness in our healthcare infrastructure. We need robust cybersecurity measures to ensure patient care is not disrupted."

The impact of the cyberattack extends beyond immediate patient care. It raises questions about data security, patient privacy, and the overall stability of healthcare operations. As patient information becomes vulnerable, there is a risk of data breaches and identity theft, further exacerbating the challenges posed by the attack.

Prospect Medical Holdings has since released a statement acknowledging the cyber incident and expressing its commitment to resolving the issue promptly. The company is working with cybersecurity experts to contain the breach, assess the extent of the damage, and implement safeguards to prevent future attacks.

Government agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), are also actively involved in investigating the attack and providing support to the affected hospitals. Michael Johnson, a spokesperson for CISA, emphasized the agency's dedication to assisting healthcare providers in enhancing their cybersecurity posture. Dr. Emily Collins, a cybersecurity expert, noted, "Hospitals need to invest not only in advanced cybersecurity technologies but also in training their staff to recognize and respond to potential threats."

As hospitals work tirelessly to restore normalcy and bolster their defenses against cyber threats, this incident underscores the urgent need for a collaborative approach involving healthcare providers, cybersecurity experts, and government agencies to ensure the resilience of our healthcare system in the face of evolving cyber risks.

Ransomware Attacks on U.S. Hospitals Causing Deaths

Every day we are witnessing ransomware attacks, and companies worldwide are investing millions to protect their network and systems from digital attacks, however, it is getting increasingly challenging to fight against cyber threats because cyber attackers do not only use traditional methods, they are also inventing advance technologies to fortify their attacks.

Hospitals and clinics are a top target of malicious attackers since reports suggest that the annual number of ransomware attacks against U.S. hospitals has virtually doubled from 2016 to 2021 and is likely to rise in the future given its pace, according to what JAMA Health Forum said in its recent research. 

As per the report, the security breaches exploited the sensitive information of an estimated 42 million patients. “It does seem like ransomware actors have recognized that health care is a sector that has a lot of money and they're willing to pay up to try to resume health care delivery, so it seems to be an area that they're targeting more and more,” lead researcher Hannah Neprash said. 

JAMA Health Forum conducted research over five years on U.S. medical facilities, in which they have discovered that the attackers exposed a large volume of personal health data over time and in coming years the attacks will increase by large.

According to Neprash’s database, clinics were targeted in 58% of attacks, followed by hospitals (22%), outpatient surgical centers (15%), mental health facilities (14%), and dental offices (12%). 

Threat actors exploit open security vulnerabilities by infecting a PC or a network with a phishing attack, or malicious websites and asking for a ransom to be paid. Unlike other cyber attacks, the goal of malicious actors, here, is to disrupt operations rather than to steal data. 

However, it becomes a great threat because it can jeopardize patient outcomes when health organizations are targeted. 

In 2019, a baby died during a ransomware attack at Springhill Medical Center in Mobile, Ala. As per the data, 44% of the attacks disrupted care delivery, sometimes by more than a month. 

“We found that along a number of dimensions, ransomware attacks are getting more severe. It's not a good news story. This is a scary thing for health care providers and patients,” Neprash added. 

Ponemon Institute, an information technology research group published its report in September 2021, in which they found out that one out of four healthcare delivery organizations reported that ransomware attacks are responsible for an increase in deaths. 

“Health care organizations need to think about and drill on — that is practice — these back-up processes and systems, the old-school ways of getting out information and communicating with each other. Unfortunately, that cyber event will happen at one point or another and it will be chaos unless there is a plan,” said Lee Kim, senior principal of cybersecurity and privacy with the Healthcare Information and Management Systems Society, in Chicago.

Cyberattack Targets US Hospital in Texas

Just several weeks following one of the largest healthcare cyberattacks in the US, another hospital system was taken down by a ransomware attack. 

According to a report, OakBend discovered that cybercriminals had accessed its network and encrypted parts of its system on September 1, 2022. In reaction, OakBend started working on network restoration before getting in touch with a third-party data security organization to help with the business's investigation into the event.

The investigation revealed that OakBend Medical Center's computer system had been accessed without authorization and that the hackers had been able to delete some of the material that was accessible.

OakBend Medical Center started looking through the affected files after learning that private customer information had been made available to an unauthorized entity, in order to ascertain what information had been hacked and whose customers were impacted.

On October 28, the medical system notified the Department of Health and Human Services (HHS) of a data breach affecting approximately 500,000 people. The attack has been linked to the ransomware and data extortion gang Daixin Team.

The group, which was formed in June of this year, has financial motivations. Fitzgibbon Hospital in Missouri was its prior victim, and the gang claims to have stolen 40GB of confidential data, including personnel and patient records.

Additionally, CommonSpirit, which manages over 140 hospitals in the US, decided not to reveal the precise number of its locations that were experiencing delays. However, a number of hospitals have reported being impacted, including CHI Memorial Hospital in Tennessee, some St. Luke's hospitals in Texas, and Virginia Mason Franciscan Health in Seattle.

According to Brett Callow, a cybersecurity specialist at Emsisoft, ransomware has been used to breach 19 significant hospital chains in the United States this year.

OakBend stated: "Our analysis shows that only a small quantity of data was really transported outside of the OakBend computing environment, even though we are aware that the hackers had access to OakBend's servers to encrypt our data. However, it does seem that the cybercriminals were able to access or remove several employee data sets and some reports that contained the private and medical information pertaining to our present and past patients, employees, and connected individuals."

To all those whose information was affected as a result of the current data breach, OakBend Medical Center handed out data breach notifications on October 31, 2022.

 Cyberattacks Against US Hospitals are Growing Rapidly

Ransomware has emerged as one of the most challenging issues in cybersecurity and a threat to industries worldwide. With ransomware, hackers extort businesses and organizations by breaking into and frequently holding computers and files hostage. However, it can have a particularly negative impact on patient care when it affects hospital networks and cascades across the nation. 

According to The Des Moines Register, ransomware hackers targeted MercyOne in the first few days of October as part of a more significant attack that resulted in hospital-wide outages at many other health systems. It was unclear how many of the 140 hospitals under the management of CommonSpirit Health, a nonprofit healthcare organization with headquarters in Chicago, were impacted, and the organization declined to disclose the number.

Since having the tonsils removed, Kelley Parsi brought her 3-year-old son to a hospital in Des Moines, Iowa, where she anticipated that the staff would treat his pain and dehydration and then send him home. She claimed that instead, the excursion turned into one of her most terrifying days ever.

She was told by the resident doctor that he had accidentally given him five times what was prescribed, due to the computer system that automatically calculated medication doses not functioning. Later, she found out that part of the hospital's digital equipment had been disabled by a cyberattack. While her son's body digested the overdose, she waited several hours in fear.

In addition, CommonSpirit, which operates more than 140 hospitals in the United States, opted not to disclose the number of its locations experiencing delays. However, a number of hospitals have reported being impacted, including Virginia Mason Franciscan Health in Seattle, certain St. Luke's hospitals in Texas, and CHI Memorial Hospital in Tennessee.

According to Brett Callow, an expert at the cybersecurity company Emsisoft, ransomware has been used to hack into 19 major hospital chains in the United States this year.

Due to patient confidentiality, MercyOne, Parsi's hospital, declined to comment on her condition. "It was dedicated to delivering safe, high-quality treatment for all patients we serve in their time of need," a representative said in a statement.

The U.S. government lists health care as one of 16 important infrastructure sectors. Hackers view healthcare organizations as prime targets.

However, a significant assessment by the government Cybersecurity and Infrastructure Security Agency and a poll of healthcare IT experts concluded that a ransomware attack on a hospital puts more strain on its capabilities generally and raises death rates there.

345,000 People are Affected by a Data Breach at ARcare

 

ARcare announced a data breach after an unauthorized party acquired access to sensitive information stored on the company's computer servers. The names, dates of birth, financial account information, and Social Security numbers of some people were exposed as a result of the incident.

ARcare sent out data breach notices to those whose information was compromised on April 25, 2022. The Arcare breach, according to the US Department of Health and Human Services, affected 345353 people. 

ARcare, a community health clinic in Augusta, Arkansas, offers services such as chronic disease management, behavioral health, and HIV treatment. The healthcare provider discovered the personal information about individuals had been exposed on April 4 and began notifying potentially affected individuals and regulators on April 25. 345,353 people may have been infected, according to the US Department of Health and Human Services (HSS). 

ARcare learnt about a data security incident affecting its software system on February 24, 2022, according to an official document filed by the business. As a result, the corporation took steps to secure its computer systems and initiated an inquiry to discover more about the incident's origin and scale. 

The data breach alert states, "ARcare is examining and updating existing policies and procedures relevant to data protection and security.ARcare is also looking into additional security measures to minimize any risk related to this incident and to better prevent future instances."

ARcare confirmed on March 14, 2022, how an unauthorized entity had gained access to and perhaps removed sensitive data from the ARcare network. Between January 18, 2022, and February 24, 2022, an unauthorized entity got access to the system.

Ransomware Attack on Hospital Associated with Baby’s Death

 

An infant birthed in Alabama subsequently died of heavy brain injury due to botching because the hospital faced a ransomware attack, a lawsuit states. However, this 2019 ransomware paralyzed hospital in the United States will defend itself in November against the death of a baby which is reportedly caused by a cyber attack. 

The file is the very first public credible allegation that anyone was killed at least partially by attackers who shut down hospital computers remotely in an effort at extraction, a steadily growing practice in cybercrime. 

The prosecution was originally reported by The Wall Street Journal by Teiranni Kidd, the baby's mother. It says that Springhill Medical Center, a hospital, had not told her that perhaps the hospital computers went down because of a cyberattack, and when she came to deliver her daughter, they provided her severely reduced treatment. 

In 2019, Springhill stated it had suffered a "network security incident," a typical cyber strike euphemism. Springhill stated at that time to see a regular amount of patients, as that of the local news station WKRG reported, although some of them turned away due to a ransomware attack. 

First, in January 2020 Kidd sued the hospital and then modified the case when her daughter died in July. A response request was not answered by the hospital. Kidd refused to speak since her case is underway. 

The legal proceedings showed that Kidd wasn't notified about the cyberattack when she went to give birth to a baby girl and also that doctors and nurses then overlooked several key tests, which showed that the umbilical cord was wrapped all around the neck of the baby and caused brain damage, which resulted in death, nine months later. 

“It’s an awful thing, but we’ve been expecting this for years to happen, because when things go wrong, eventually somebody’s going to die,” Liska said. 

It wasn't the first occasion wherein homicide allegations involving ransomware have been brought, but it is the first instance where a case has indeed been brought before the court. The nearest was an instance from September last when a German patient passed away in a re-routing ambulance owing to ransomware attacked the hospital. At the moment a negligent murder inquiry was initiated by German police and they stated that they could be liable for attacking them. 

Furthermore, given the time and lack of scruples to be directed at a healthcare center, Springhill has refused to name the ransomware behind the July 2019 attack.