A ransomware attack beginning in September has left Betty Jean Kerr People’s Health Centers scrambling. The health center declined to pay the ransom, as such they are unable to access their computer networks. However, they have hired a forensic information tech firm to try to recover the patient data.
Protected health information (PHI) that may have been exposed in the ransomware attack includes patient names, addresses, dates of birth, Social Security numbers, pharmacy data, clinical data, insurance information, and dental X-rays. The health center has notified the 152,000 affected patients, and has recommended that patients monitor their account statements. They will also be offering free credit monitoring to affected patients.
How to Protect your Organization Against a Ransomware Attack
Ransomware attacks occur when a hacker gains unauthorized access to an organization’s network, often encrypting or stealing files. Files are inaccessible by the target until a sum of money is paid for their return.
To protect your organization from a ransomware attack the Department of Health and Human Services (HHS) recommends the following ten cybersecurity practices:
- Email protection systems
- Endpoint protection systems
- Access management
- Data protection and loss prevention
- Asset management
- Network management
- Vulnerability management
- Incident response
- Medical device security
- Cybersecurity policies
Healthcare organizations are increasingly targeted by hackers as the wealth of information they hold on their patients has a high value on the darkweb. Information obtained from a healthcare breach can be used to commit identity theft, fraud, or used to blackmail patients. Implementing the recommended cybersecurity practices can save your organization from a ransomware attack, preserving your reputation and your wallet.
Need Help with HIPAA?
Let our complete HIPAA solution handle it.