
Experts are warning that a cyberattack targeting Prospect Medical Holdings and the Eastern Connecticut Health Network could lead to delays in life-saving treatment and the release of personal health and financial information.
Some services remained down at ECHN and Waterbury Health on Wednesday after the hospital systems’ parent company — California-based Prospect — was hit by a ransomware attack.
ECHN operates Manchester Memorial Hospital and Rockville General Hospital in Vernon. Waterbury Health operates Waterbury Hospital.
Vahid Behzadan, an assistant professor in computer science and data science at the University of New Haven, said that attacks on health systems are fairly frequent, and that repercussions could include compromised HIPAA-protected information, such as health history records.
Health systems are commonly targeted, he said, largely because of the urgent care they provide and their strong reliance on computers, leading to the necessity of restoring their systems as quickly as possible.
John Riggi, senior adviser for cybersecurity and risk for the American Hospital Association, said that hacks of health care systems have ramped up in the past decade with more reliance on computers and an increase in the digitization of health records.
He said that while that approach helped save lives during the pandemic as there were more people working and attending doctor appointments remotely, it also made systems more vulnerable to hacking.
“Unfortunately, an unintended consequence of all of this integration and use of internet and network technology expanded our digital attack surface,” said Riggi, who previously worked for 28 years as an FBI agent, last serving as senior executive in the cyber division running national cyber programs.
Many foreign-based hacking groups — primarily from Russia, China, North Korea, and Iran — are exploiting vulnerabilities in the United States, he said.
While not speaking specifically about the Prospect hack, Riggi said that in similar cases, sensitive information about patients, including their health history, and credit card and banking information, could be held for ransom.
Some hospitals also could have sensitive medical research information that would be of interest to hostile nations, he said, adding that a majority of medical research attacks have been associated with the Chinese government.
The hackers could hold the data hostage and threaten to release it on the internet or sell it on the dark web, Riggi said.
“Sometimes, unfortunately, health care systems find themselves in this very difficult predicament in that sometimes they may find themselves being forced to pay so that the data is not publicly released,” Riggi said.
Lucrative targets
Malicious software such as the one that breached Prospect’s system encrypts data on computers and demands that the owners pay a ransom to regain access to their data.
“It’s very much like somebody coming into your office and putting a lock on your filing cabinet, and then asking you for money in exchange for a key to that lock,” Behzadan said. “This seems to be what happened in the Connecticut health network case.”
Behzadan said that it’s not clear whether Prospect was targeted deliberately as ransomware campaigns can be based on blanket searches of vulnerable systems. However, once “a juicy target” is found, a larger ransom demand is more likely, he said.
“Bad guys understand that it is very lucrative to attack health care and hospitals in particular,” Riggi said. “They often portray it as an economic crime, but the reality is these are actually threat-to-life crimes because when a hospital is attacked, lives are in danger.”
While not speaking about the Prospect hack specifically, Riggi said that similar breaches have resulted in ambulances being diverted, cancer treatments delayed, and the loss of access to critical information needed to treat a patient and electronic health records.
“All of these things delay health care delivery and create a patient safety risk,” he said. “Ultimately, we need these bad actors to understand that when they attack a hospital, they cross a bright red line. These are no longer financial crimes; these are threat-to-life crimes, and the full attention of the federal government and our allies will be placed upon them.”
The FBI has opened an investigation into the Prospect hack.
ECHN officials could not be reached immediately to determine what the hackers are seeking or what data has potentially been compromised.
Ransom
Ransoms that are paid often come in the form of cryptocurrency because the transactions are more difficult to track.
While some ransomware attacks call for action from the victim, “this particular case seems to be a monetary ransom operation,” Behzadan said, reiterating that he doesn’t have any inside information and is basing his assumption on media reports.
Behzadan said that he’s not aware of ransom payments paid by other health care systems because they don’t typically make those payments public.
Riggi said the American Hospital Association follows FBI and federal government recommendations strongly discouraging paying ransom, and that less than half of ransoms are actually paid.
However, if payments are made, it is generally done because of compromised health care provided to patients, he said.
“If a payment is made, it is under duress,” Riggi said. “It’s like having a digital gun pointed at their heads, and if a payment is made it is with the intention of maintaining patient safety.”
Precautions
Behzadan said that some hospital systems may have a breach due to insufficient maintenance of their infrastructure or a lack of financial investments.
Safety measures, he said, should include protecting each computer on a system, monitoring them for activity, securing backups offsite, having policies in place before hacks occur, and sufficient training for the operators and maintainers of computers.
Keeping large computer systems safe from hackers is “very difficult,” Behzadan said. “That’s why it requires specialized personnel as well as a significant investment.”
“Cybersecurity is always an economic game,” he said. “You want to make it as difficult as possible for the attacker to compromise the system” while maintaining the integrity of the service.
Riggi said that “no computer code can be 100 percent immune from cyberattacks, but I think the industry can certainly do a much better job.”
Ultimately, security begins with purchasing the most secure technology available, and ensuring security throughout the system all the way to the person using a computer, he said.
“Most often, it is the end user who is targeted for these attacks through a phishing email,” Riggi said, adding that there must be cyber response plans integrated with emergency procedure plans on all systems.
There should also be a continuous sharing of cybersecurity protocols among health care systems throughout the country as well as with the federal government to support a national approach, he said.
Nonetheless, “no organization, not even the federal government, is 100 percent immune from cyberattacks,” Riggi said.
Depending on individual circumstances, Behzadan said that some breaches in other systems have taken weeks, sometimes months, to secure and ensure that computers were no longer infected or vulnerable.
“In very general terms, it’s a minimum of three to four weeks before core systems can be brought back online and fully recovered,” Riggi said.
However, there tend to be lingering effects that could last for months, he said, and data that is not fully backed up could be lost forever.