Ransomware tied to hospital death


This week Germany reported what was claimed to be the first ransomware-related death: a woman who needed to be transported to another facility when her hospital was shut down by an effective ransomware attack. The truth is, we warned last year that this was inevitable, and we even cited a report conducted by Vanderbilt and the University of Central Florida that found an uptick in fatal heart attacks in US facilities that had experienced a ransomware attack. Although we found the direct causality to be weakly associated, we did agree the conclusion was accurate – it was just a matter of time before ransomware attacks on healthcare facilities led to deaths.

What can you do about it? Most ransomware attacks are triggered through emails. Keeping your staff well trained on how to handle attachments and links in emails will protect you against 80% of ransomware threats. But that won’t stop all of them, and it only takes one email sent to a single user to lock down your entire network.

In addition to user training, you should be flagging all emails that originated outside of your internal network with an alert that says this email came from an outside source and any links or attachments could contain malware. Ask your IT team to set this up for you, or we can help.
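As an added illustration (not code from this article), here is one way a mail gateway hook could apply the outside-source alert described above. It goes slightly beyond the text by adding a stronger note when outside mail carries an internal-looking sender address. The domain `clinic.example`, the `X-External-Sender` header name and the `arrived_from_internal` flag supplied by the gateway are assumptions.

```python
import html
from email import message_from_bytes, policy

INTERNAL_DOMAINS = {"clinic.example"}  # assumption: the organization's own mail domains
BANNER = ("CAUTION: This email came from an outside source. "
          "Any links or attachments could contain malware.")
SPOOF_NOTE = " The sender address looks internal, but the message arrived from outside."

def tag_external(raw: bytes, arrived_from_internal: bool) -> bytes:
    """Return the message with a warning banner if it entered from outside.

    arrived_from_internal must come from the mail gateway (authenticated
    submission or a trusted relay), never from the From header, which the
    sender controls.
    """
    if arrived_from_internal:
        return raw
    msg = message_from_bytes(raw, policy=policy.default)
    sender = msg["From"]
    domains = {a.domain.lower() for a in sender.addresses} if sender else set()
    # An internal-looking From on outside mail is the riskier case: say so.
    banner = BANNER + (SPOOF_NOTE if domains & INTERNAL_DOMAINS else "")
    del msg["X-External-Sender"]  # discard any value the sender supplied
    msg["X-External-Sender"] = "yes"  # hypothetical header for client-side rules
    for part in msg.walk():
        if part.is_multipart() or part.is_attachment():
            continue
        if part.get_content_type() == "text/plain":
            part.set_content(banner + "\n\n" + part.get_content())
        elif part.get_content_type() == "text/html":
            part.set_content("<p><b>" + html.escape(banner) + "</b></p>"
                             + part.get_content(), subtype="html")
    return msg.as_bytes()

# Constructed sample: outside mail that claims an internal sender.
SAMPLE = (b"From: IT Helpdesk <helpdesk@clinic.example>\r\n"
          b"To: nurse@clinic.example\r\n"
          b"Subject: Password reset\r\n"
          b"X-External-Sender: no\r\n"
          b"\r\n"
          b"Open the attached form.\r\n")

if __name__ == "__main__":
    print(tag_external(SAMPLE, arrived_from_internal=False).decode())
```

Hosted mail platforms generally offer the same behaviour as a built-in mail-flow rule, which is preferable to custom code where available.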

Second, if you have a firewall that allows for subscription-based defenses, you should enable those features. Catching malware and attacks at the perimeter is far more effective than relying upon your staff to catch them once they’re inside. If your firewall doesn’t allow for such features, consider upgrading to one that does. It’s a small price to pay in the greater scheme of your cybersecurity.

Finally, be mindful that the volume and sophistication of attacks have increased dramatically this year. Your staff needs to be constantly reminded of the threats you’re facing. The mentality of “suspect everything” is not too far-fetched given the activity we’re seeing.

We’re here to help any way we can. We’re determined to help you protect your organization, your employees, and your sensitive data.

Think twice before you click.

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.

For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of the workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.