A patient data breach costs hundreds of dollars per record compromised, with reputation damage and loss of productivity on top of that. This is why cyber security is something that healthcare organizations can’t afford to ignore.
Here are three scary (true!) stories of healthcare organizations that did NOT have good security protections in place and paid the price for it.
#1 Concentra knew what they needed to do to protect their data, but didn’t do it.
In 2014, Concentra Health Services agreed to pay the OCR nearly $2 million following a data breach.
Concentra had reported to the OCR that a laptop had been stolen from one of their locations. The OCR then investigated and found that Concentra's past risk analyses had indicated they should be encrypting laptops, desktop computers, medical equipment, and other devices.
Even with the knowledge that it posed a great risk to their data, Concentra chose to ignore these requirements.
The result was a huge penalty, costs to the company’s image, and extensive time devoted to adopting a corrective action plan.
The takeaway: Make sure all your devices that are used to access patient data are encrypted and kept locked up when not in use.
Your I.T. company should be keeping you up to date on required security measures like this one, so you can avoid a situation like the one Concentra found themselves in.
#2 It was weeks before Legacy Health realized the hackers were in their system.
This Portland, Oregon health system fell victim to one of the most common attacks used by hackers - a phishing email.
Multiple employees were fooled by phishing emails that allowed the hackers to gain access to their email accounts, and eventually, the protected health information of 38,000 patients.
Legacy Health followed the proper procedures of notifying all patients affected, as well as the Department of Health and Human Services, and placed additional access restrictions on their company email accounts.
The takeaway: Do your employees recognize a phishing email when they see one? Educate and test them on security awareness, and spotting faulty email addresses and suspicious messages.
Phishing attacks are the leading cause of data breaches. Don’t let your company get hurt by this kind of criminal activity.
#3 This Missouri organization couldn’t unlock their data.
Hospital officials at Betty Jean Kerr People’s Health Centers realized too late that their systems had been infected by malware.
Hackers seized the records of 152,000 patients and encrypted them, demanding a ransom from the organization for unlocking the data. Betty Jean Kerr refused to pay and hired a third-party I.T. firm to assist in getting the data back.
Unfortunately, even with their combined efforts the data remained locked. Ransomware attacks like this one have become all too common.
The takeaway: Make sure your I.T. company has put the essential protections in place to keep a hacker from getting into your network.
You must also ensure that your sensitive data is being backed up regularly and that those backups are secure.
If you have an immediate I.T. need, or would like one of our experts to come and assess your current I.T. protections, just call us at 509-534-4874. Clients of Design I.T. Solutions have to date never lost data or paid a ransom for stolen data.
And now, a story from someone we were able to help during a crisis:
Prior to Working With Us, Grays Harbor Community Hospital Was Hit With Ransomware, and Design I.T. Solutions Stepped in to Help
“In June 2019, Grays Harbor Community Hospital was hit with the RYUK Ransomware, which impacted all systems that worked with our Hospital EMR and also brought down our Clinical EMR. Needing help beyond our own staff, we called Design I.T. Solutions, and they had troops on the ground that same day. They went straight to work, actively removing the hackers from our system.
"Once the hackers were removed, Design I.T. Solutions worked with us to rebuild all of our servers and our clinical EMR. With their assistance, we were able to avoid paying millions of dollars in ransom money. There is no way we could have done this without Daniel and his team.
"One of the things I appreciate about Design I.T. Solutions is the company culture. Working with them doesn’t feel like working with a vendor. Instead, they feel like an extension of our own I.T. Department.
"I am able to contact who I need to, when I need to, and they are available and knowledgeable in our technical environment.
"Design I.T. Solutions has demonstrated a willingness to help out in any area, at any time, as demonstrated with the RYUK cyber-attack. Within hours of us reaching out to them, they were on site. I have never encountered this kind of response from other vendors.
"Because of the positive interactions/outcomes we experienced with Design I.T. Solutions, we decided to switch to them from another vendor for all our main clinical support for Centricity, along with ancillary infrastructure/server support. It has been a great transition.
"The way Design I.T. Solutions has integrated into our I.T. department with a personal touch has been a unique experience for us. The close communication between our organization and theirs allows us to work through issues or requests in an efficient and timely manner.”
Brad A. Wallace
Director of Information Technology
Grays Harbor Community Hospital
Grays Harbor, Washington