The stunning news that a California hospital paid ransom to regain control of its computer systems after a malware attack serves as a stark reminder that health care facilities need to take a focused and strategic approach to cybersecurity – and AAMI has the resources to help.
This week, Hollywood Presbyterian Medical Center paid nearly $17,000 in ransom to take back access to its electronic records, including sensitive patient data, after a hacking attack that is now under investigation by the FBI. The network had been shut down for about a week, affecting everything from electronic health records to networked medical devices.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption key,” the hospital’s chief executive, Allen Stefanek, said in a statement. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
Based on federal records, hundreds of cybersecurity breaches have been reported by health care institutions, including medical providers, insurers, and hospitals.
“The best approach to cybersecurity, for both health care delivery organizations and device manufacturers, is a proactive one,” said Mary Logan, president of AAMI. “What we’ve heard from security experts time and time again is that you can’t add on cybersecurity after the fact, you have to build it in – to devices, systems, and the culture of an organization. If you don’t invest in protecting your network up front, you will pay for it later.”
For more cybersecurity information, visit AAMI’s special webpage.
