Ransomware

On January 8, HHS announced a settlement of $337,750 with USR Holdings for a violation of the HIPAA regulations. This is significant due to the nature of the HIPAA Violation. Among the violations by USR Holdings was Deletion of electronic Protected Health Information.

The Microsoft Threat Intelligence Briefing: Healthcare has reported that the healthcare/public health sector was one of the top 10 most impacted industries in the second quarter of 2024 and that there has been a 300% surge in ransomware attacks. There is now an entire industry of RaaS – Ransomware as a service. The same way a doctor can subscribe to have access to an EHR. Bad actors can subscribe to services that will create ransomware for them. Bad actors are also utilizing AI to create ransomware and better target ransomware attacks.

Ransomware attacks targeting industrial organizations has reached new heights and no organization is immune.

To keep your network secure, your office must keep your software up-to-date. Software providers will release updates when there is an identified vulnerability. Ransomware such as Blast Basta will take advantage of these vulnerabilities if you do not patch quickly.

When discussing text messaging, the best practice is to NOT text patients. However, texting can be a useful tool and there are steps your office can take to mitigate the risks associated with texting patients.

Maui ransomware is another ransomware attack on healthcare systems. These attacks are targeting healthcare organizations anticipating they are more likely to pay the ransom. Understand what your office can do to mitigate the chance of getting hit with a ransomware attack.

Microsoft has retired Internet Explorer.

Cybersecurity threats in 2021 were the largest ever. Experts anticipate that the digital environment in 2022 will be even more dangerous. The American Dental Association was hit by a cyberattack that stole personal information and disrupted services.

There are allegations that a ransomware attack at a medical center contributed to the death of an infant. An article in the Wall Street Journal discusses a lawsuit that has been filed against Springhill Medical Center in Alabama, for the death of an infant. This is the first know lawsuit against a medical provider for an injury or death related to the EHR being unavailable due to ransomware.

Interpol has published an article COVID-19 Cyberthreats to discuss threats that have arisen due to the COVID-19 pandemic.