May 18, 2023

Heightened focus on cybersecurity amid ransomware attacks, data breaches

Editor's Note

Cybersecurity remains a top concern and potential hazard for patient data.

In February, Lehigh Valley Health Network in Allentown, Pennsylvania, was attacked by a ransomware gang BlackCat, which has ties to Russia, Becker’s Health IT reports. The health system has since notified 627 individuals and will continue to “provide notices to all individuals whose information was involved as required as soon as possible,” a hospital spokesperson said.

Lehigh Valley is not alone in its challenges with cybersecurity. Earlier this year, Phoenix-based Banner Health paid $1.25 million in settlement after potential HIPAA violations left 2.81 million consumer’s health data exposed in a 2016 data breach, due to insufficient system activity monitoring, among other issues.

Moreover, researchers reported in the JAMA Health Forum that 374 ransomware attacks have been carried out “against clinics, hospitals, dental offices, diagnostic laboratories, emergency medical services, and other healthcare delivery organizations between 2016 and 2021.” The number of annual attacks rose from 43 to 91 during that time, exposing some 42 million patients’ personal health information.

ECRI lists failure to manage cybersecurity risks associated with cloud-based clinical systems fifth in their list of the top 10 health technology hazards of 2023. While cloud-based systems can offer benefits when compared to traditional systems, much of the workload and control is shifted to the cloud provider. Failure to understand and plan for the differences leaves health systems at risk of a security event that disrupts patient care.

The Department of Health and Human Services recommends everyone “be aware of suspicious activity, keep systems up to date, and immediately patch any vulnerable systems.”

Live chat by BoldChat