About a year ago, the WannaCry and Petya viruses had ravaged through hospital IT systems around the United States. The results were crippled hospitals, EHR outages, no ability to bill or record medical records and a complete reversion to paper records.
How have we grown in 2018? Not very far!
Hospitals—especially rural and critical access hospitals—have nearly remained virtually unchanged as cybercriminals have continued to sharpen their tools and skillsets. Hospitals remain one of the largest sitting ducks, left completely underprepared for the next big attack.
In 2017, the WannaCry ransomware attack hit over a quarter of a million systems, knocked hundreds of businesses offline and even caused hospitals to refuse service to patients in need.
With IT infrastructure destroyed or damaged from attack, many in healthcare have been slow to recover (costing on the upwards of millions of dollars in missed opportunity all because of one bad link in an email).
What’s even more concerning is these attacks—seen as being targeted to healthcare organizations—all could have been prevented if proper network configurations and security habits were implemented (things that don’t cost an arm and a leg to resolve).
The cold hard fact was that healthcare wasn’t ready (and still isn’t!) to deal with an attack that can sweep through a network and encrypt everything in its path.
But that’s not to say folks didn’t know of potential risks with their networks. Many very good people in rural healthcare knew (and many still know) that their networks are not up to snuff. But many remain under the belief (or at least hope) that this stuff we all see in the news can’t or won’t happen to them.
What many hit by cyberattacks of the likes of WannaCry say to these administrators? “We wouldn’t wish this on even our enemies”.
It’s that bad.
Think of being offline for weeks upon weeks. Think about your entire staff so frustrated that at any moment they might just break down and cry. Think about all the patients relying on nurses and staff, who are distracted or upset because they can’t access their EHR. Think about all of the possibilities that patient care takes second place to frustrations that nothing is working.
This is serious business. And those that have experienced it wouldn’t want you to experience it too!
Today I want to briefly talk about how cybersecurity has changed for healthcare over the last year.
The Good?
Not everything has to be bad news when it comes to cybersecurity.
In fact, those rural hospitals that have invested small amounts (or simply changed their security behaviors) have made big strides to avoid cyberattacks that otherwise would have penetrated and shut down their networks.
A review from some of the top cybersecurity firms across the country reveals that those facilities that invest in ransomware prevention actually decrease the likelihood of attack by over 1,000%! Instead of attacking facilities that are hard to attack (networks that are patched and environments that don’t have a slew of lingering security vulnerabilities), actually are not targets. Rural hospitals that recognize that they need a strategy more so than more money to address cybersecurity are a thousand times less likely to become a cyber target.
The good news is that eliminating your hospital’s risk is as easy as starting with a ransomware vulnerability assessment.
The Bad?
The ugly part of this story is that ransomware viruses—of the likes of WannaCry are not going anywhere and in fact are getting worse in 2018. The bad guys have seen how well their tactics have worked and are finding more ways to target more facilities. In their mind, if it’s not broken why fix it? If they’re making money off of hospitals, why attack someone else?
The Ugly?
Ransomware attacks continue to pummel healthcare offices to the point of no return. The consequences of a ransomware attack lead to patients finding other hospitals and the government penalizing your rural hospital from maximizing its Medicare reimbursements.
Hospitals coming out of ransomware attacks often are on the brink of bankruptcy and many cannot afford to keep their lights on by themselves. The majority of hospitals we’ve helped remediate ransomware have had to resort to being bought out by larger facilities, a sentiment that sometimes stings throughout your entire community.
But Not Is All Lost!
If you’re reading this and worrying about what to do next, not all is lost! The fact that you’re concerned about keeping your hospital healthy and to ensure that your patient files continue to be accessible speaks volumes to the fact that you care about your hospital and will likely do the work to make it secure.
As I mentioned above, cybersecurity is not about shelling out big bucks to become secure. It’s about strategically investing time into making sure your network is secure and recoverable. It’s about guiding your staff to change small habits and behaviors to make your network as secure as possible. By doing small things, you’ll eliminate (or nearly so) the risks you currently have looming over your network.
Are you certain your network will outstand a cyberattack? Contact us TODAY for a free ransomware vulnerability assessment.
