Health Provider CIOs Have To Deal With Ransomware

CIOs have a new challenge that they have to deal with
Image Credit: Quinn Dombrowski

Nobody ever said that being the person in the CIO position is an easy job for anyone to have. However, lately it sure seems as though it is becoming even more difficult. The bad guys have decided that instead of breaking in and stealing our data, they now are breaking in and configuring our systems in a way that we can no longer use them. They’ll undo what they’ve done, but only if we agree to pay a ransom. What are CIOs to do now?

Health Care Industry Under Attack

The health care industry is one area where the person with the CIO job is facing ransom demands at an increasing rate. As an example, a hospital was attacked and a ransom demand was made. In the days after the attack, the health system was forced to cancel services including radiology, endocrinology and respiratory therapy. The organization transferred patients to other hospitals. Cash registers, email and fax were unavailable. Doctors had to resort to pen and paper to document medical conditions, and with prescription records inaccessible, patients were asked to bring medication bottles to visits. In health care, information technology is critical to daily operations.

Cyberattacks like this are pummeling doctors, dentists and community hospitals around the country, causing some to turn away patients and others to close their doors permanently. Health organizations are an attractive target for cybercrime thanks to their valuable medical and billing information. The data can be sold for insurance-fraud purposes or it can be locked up and used to extort money from the affected health organization.

Smaller health-care organizations are at greater risk because they generally don’t have the resources for robust security tools and their CIO may not have a dedicated cybersecurity specialist to monitor and patch their systems. Last year, about 57% of medical practices in the U.S. had 10 or fewer physicians and about 15% were run by solo practitioners, according to the American Medical Association. Three Alabama hospitals have been operating under emergency procedures since a cyberattack. The hospitals—DCH Regional, Northport and Fayette—are part of the same system and share IT resources.

Dealing With The New Reality

At another health facility that has been hit by a ransom demand, email is down at one hospital and doctors are keeping written notes after patient visits. IT staff is working around the clock on eight-hour rotations and about 60 nurse managers, department directors and other top administrators gather with the chief operating officer four times a day to go over technology and operational updates. The hospital system is encouraging nonemergency patients to seek assistance from other providers.

The American Dental Association said that hundreds of dental practices were affected by a ransomware attack against two dental-focused technology providers. The incident locked dentists out of their data but patient information is believed to be uncompromised. A Wisconsin dentist said she has been overwhelmed dealing with the incident and there are more repercussions than one might assume. After a ransomware attack, companies typically conduct digital forensic investigations to make sure systems and data are no longer vulnerable. Some equipment might have to be replaced and if backup data is outdated or encrypted, rebuilding files can be expensive and lengthy.

Some small health-care organizations don’t have the money to bounce back from a cyberattack. A ransomware incident is forcing Wood Ranch Medical in Simi Valley, Calif., to close its doors. They sent a note to their patients saying “Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records. As much as I have enjoyed providing medical care to you, I will not be able to attend to you professionally after that date.” Brookside ENT and Hearing Center in Battle Creek, Mich., permanently closed its doors after a ransomware attack. All of the company’s electronic data was made inaccessible after it decided not to pay a ransom, and the practice stayed open for a short time to refer patients to other health providers.

What All Of This Means For You

CIOs already have their hands full as they attempt to move the company’s operations into the cloud. As though they didn’t have enough to do, the bad guys are now changing their tactics. The bad guys are breaking in, encrypting critical systems, and then demanding a ransom to unencrypt the systems. CIOs need to be aware of this and they need to understand what to do if this happens to them.

The health care industry is finding itself under attack from the bad guys who want to charge a ransom to unencrypt their systems. When they are hit, they end up having to cancel services and revert to handwritten information tracking. Health care companies are attractive targets because they have patient data and billing information. Smaller providers are at greater risk because they often don’t have the IT resources that they need to keep their IT systems secure. Recently dentists were targeted because the bad guys had determined a way to break into systems that were being used by many different dental providers. Smaller health care providers may not be able to come back from an attack and the end result of an attack may be that they have to close their doors permanently.

The world has changed. CIOs have to be aware that they can no longer defend only against bad guys breaking into their networks. Now they have to come up with ways to defend the company against bad guys who will break in, encrypt vital systems and demand a ransom. Being aware that this kind of event can happen is the first step. Creating secure backups and making sure that they have a plan for dealing with a potential ransom demand is critical. CIOs need to be able to anticipate the future and have a plan for dealing with it when it comes.

– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills™

Question For You: What do you think that a CIO should do if their company is hit with a ransom demand?
