Covered entities have been stretched thin during the pandemic, and ransomware attacks have made treating patients harder to do. Van Gorder, Scripps Health president and CEO, wrote an opinion piece for The San Diego Union-Tribune discussing lessons learned from the recent ransomware attack against his organization.
At the beginning of May, Scripps Health's IT team detected unusual network activity caused by ransomware. Scripps immediately initiated its security incident response protocols and emergency response plans. Scripps had to take down practically the entire network, including backup servers. This led to physicians and nurses having difficulty accessing medical records and communicating with patients. The ransomware attack disrupted Scripps' operations for four weeks.
Scripps Health was able to restore the network on June 1. However, a recent announcement said that protected health information (PHI) was exposed during the ransomware attack. Federal law enforcement is still investigating the matter. " There are important lessons to be learned—Scripps, like other healthcare systems, is taking further steps to enhance the security of our information security, systems and monitoring capabilities, and adapt to this evolving cyber-threat landscape," said Gorder.
Read more: What to do after you violate HIPAA
"One of the clearest lessons from the recent spate of attacks on critical U.S. institutions is the need for public-private partnerships to manage and combat this issue," wrote Gorder. The U.S. government has stepped up in addressing the growing issue of ransomware attacks. For example, the White House and the Department of Justice recently collaborated to create the Ransomware and Digital Extortion Task Force . While cybercriminals get more sophisticated in their attacks, companies aren't able to protect themselves without assistance from the government. Gorder continues, "Just as protecting the public’s health during a once-in-a-century pandemic takes a village, so will protecting our hospital systems, critical infrastructure, schools, businesses and government entities from criminals who exist in the shadows."
Paubox Email Suite Plus is the solution to protect your network and prevent cyberattacks. Our robust inbound security tools stop threats from even reaching an employee's inbox. It also enables you to send HIPAA compliant emails directly to your patient’s inbox. Say goodbye to patient portals and forgotten passwords.