Ashtabula County Medical Center—a Cleveland-based healthcare provider celebrating its 115th anniversary this year—has become the most recent victim of an apparent cyberattack.
What happened?
The company noticed technical disruptions and took its computer systems offline on September 21st. Nearly three weeks later, and the computer systems remain offline.“We are working with independent information technology security experts to conduct a thorough investigation and to safely bring our systems back online,” President and CEO Michael J. Habowski said.The outage affected the company’s five family health centers. Healthcare workers cannot access computers and obtain lab work results, prescriptions, or a patient’s history.The technical problems seem to be the result of a ransomware attack.“This certainly has all the hallmarks of a ransomware attack and, if so, Ashtabula County Medical Center would be the 53rd U.S. health care provider or health care system to be impacted by ransomware so far this year,” said Brett Callow, an analyst at the cybersecurity firm Emsisoft.Ransomware is a type of malicious software that encrypts files and shuts down computer systems. Hackers are often either looking to steal protected health information (PHI) or to demand payment from the victim to restore the systems.
What information was exposed?
So far, ACMC has preserved its healthcare data. It appears that the cyberattack only affected its ability to operate computer systems. Reports are saying ACMC is using pen and paper to record patient information. Not being able to access patient details on their computer systems is undoubtedly stressful for healthcare workers, especially since the disruption has already lasted for weeks.Despite the technical disruptions, ACMC has never stopped providing patient care. However, it did cancel some appointments and elective procedures.“Our first priority is always the safety of our patients and caregivers,” Habowski explained. “The disruption did not impact our ability to safely care for our patients.”Unfortunately, this is not always the case in cyberattack incidents. In fact, just last month a patient in Germany died when she was turned away from a hospital which was shut down due to a ransomware attack.
What happens next?
ACMC will need to find the source of the ransomware and restore its computer systems. This task is often laborious and can take a significant amount of time to accomplish.Once ACMC restores its systems, the healthcare provider will want to implement extra security measures to prevent this scenario from happening again.SEE ALSO: New International Report Outlines Cybersecurity Best Practices
How can an attack like this be avoided?
ACMC has not said how the ransomware occurred, but one of the most commonthreat vectors is email.Email is vulnerable because human error can cause a security breach when someone clicks on a malicious email. Employee training on security risks and potential scams can help prevent successful hacks.SEE ALSO: Why Investing in Ongoing Cybersecurity Training is Good BusinessYou can also increase email security to avoid cyberattacks and HIPAA violations.Paubox Email Suite Plus allows you to send HIPAA compliant email by default to your patients. It also includes robust inbound security that protects your inboxes not only from ransomware, but also from spam, viruses, and email phishing.Don’t become the next victim of a ransomware attack. Security precautions are essential to protecting your computer systems and data.