The recent global breach hit the United Kingdom's National Health Service especially hard. But outdated systems and a lack of updates made the incident predictable. Some simple steps could have reduced the risk.
By now, news of the “largest ransomware attack in history” has spread far beyond IT and cybersecurity circles. Over the course of a weekend, hackers launched a global ransomware attack that affected more than 300,000 computers—halting day-to-day operations at organizations on 3 continents. Some of the hardest hit victims were hospitals, particularly in the United Kingdom.
Intelligence and cybersecurity experts have determined that the WannaCry ransomware attack disrupted operations at more than 50 National Health Service (NHS) trusts—including hospitals, surgical centers, rehabilitation centers and pharmacies—in England, and an additional 13 in Scotland. By encrypting data and locking users out of their operating systems, the attackers blocked health professionals from accessing patient records and managing appointments, and even halted some surgeries. As a result, hundreds of appointments had to be cancelled, ambulances were forced to change routes and operations were delayed.
Unfortunately, this is not the first instance of a cyberattack on healthcare institutions—the NHS had encountered a number of more localized disruptions in the months leading up to the WannaCry attack. Despite warnings from IT experts and security companies, hospitals and other health agencies are at risk for future large-scale attacks.
Earlier this month, I spoke on a panel at the spring meeting of AJMC®’s ACO and Emerging Healthcare Delivery Coalition, where I was joined by other IT experts to discuss the new era of accountable healthcare. In modern healthcare cybersecurity, the question is not if, but when, health systems will suffer a breach. Our health system and the organizations that comprise it must take every action possible to stay ahead of the curve.
It is now more important than ever to recognize that organizations need better, more frequent training for health professionals and more robust company policies to prevent history from repeating itself. Below are some tips to help companies reduce the chance of another WannaCry attack:
1. Make security part of company culture. Hospitals and other healthcare organizations are prime targets for hackers for the patient information they possess. By adopting company policies and values that keep privacy and security at the core of operations, organizations can help employees take on a more proactive mindset regarding security from day one. Consider using tactics like a mentor program, professional development and town halls to better communicate with employees.
2. Don’t treat it as “check the box.” Going through the motions can leave organizations vulnerable to the fast-evolving nature of cyberattacks. Hackers are constantly coming up with creative tactics to infiltrate and halt systems. Their aggression can only be met by proactive, innovative thinking geared toward staying a step ahead. Organizations should know what legacy systems are on their network and where they may have potential exposures. Separating legacy systems from primary networks can help limit exposure to attacks.
3. Teach people the basics. In many cyberattacks, including this most recent incident, a single user can infect an entire organization’s system by simply opening the wrong email. Make sure that all employees understand how to recognize a suspicious email, corrupted files and other red flags. Equipping teams with basic cybersecurity knowledge and best practices can help eliminate many of the quickest routes for malware to infiltrate systems.
4. Update your systems. The countries and industries that were most impacted by the WannaCry ransomware attack were those that had not updated their operating systems in a timely fashion. It is now known that hackers utilized a hole in Microsoft operating systems. Microsoft offered a “patch” to address this vulnerability months ago; however, the attack was still overwhelmingly effective because NHS computers were using a 15-year-old, out-of-date version of Windows XP that does not offer support or security updates. In addition, hundreds of thousands of users across the globe failed to proactively update their systems accordingly. Organizations should ensure they are keeping up with software updates, regularly installing security patches and developing a strong incident response plan to expedite the response to attacks.
By taking these steps, companies can help defend the health system from another large-scale attack. I encourage all healthcare professionals to research cybersecurity best practices that will undoubtedly help protect your organization or facility.
Follow Dan Konzen on Twitter @dankonzen or LinkedIn https://www.linkedin.com/in/dankonzen/.