03.23.2016 Latest "Ransomware" Attack Affects Hospital Data – How Secure Are Your Patient Data?
Several high-profile attacks on health insurance companies and health systems have taught us that health care entities are vulnerable to hackers, who hope to make substantial profit on pilfered health information. The recent infiltration of Hollywood Presbyterian Medical Center in Los Angeles shows that hospitals have to worry about more than just the theft of data – they may have to worry about paying ransom money to get the data back.
Hollywood Presbyterian was subject to a “ransomware” attack, where a hacker, through an infected website or email attachment, seizes a victim’s computer system and holds the data stored within it for ransom. Once paid off, the hackers will provide the victim with the key or code to unencrypt and release the data. In Hollywood Presbyterian’s case, the hackers asked for the ransom in “bitcoin,” an online currency that makes it difficult for law enforcement to trace once it is paid. Hollywood Presbyterian paid roughly the equivalent of $17,000 to get its data back and was back online about ten days after first identifying the problem.
Cyberattacks on hospitals and health systems have been increasing, and, as Hollywood Presbyterian’s case shows, these attacks are now taking place in a wider variety of forms. According to the Ponemon Institute, health care data breaches are also becoming more costly. If providers have not already done so, now is the time to take cybersecurity much more seriously and to seek stronger protections for their electronically-held data. Patients’ data, and their health, may depend on it.