Boston Children’s Health Physicians (BHCP), part of the Boston Children’s Hospital network of care, announced that a cyberattack on its IT vendor occurred on September 6, resulting in exfiltrated files after unauthorized activity on its network. Those impacted include patients, current and former employees, and guarantors. Exposed data includes full names, SSNs, Addresses, DOBs, driver’s license numbers, MRNs, health insurance data, billing and treatment information. BHCP confirmed that the attack did not impact its electronic medical record systems, as they are hosted on a separate network. The BianLian ransomware gang claimed the cyberattack earlier this week and said that unless a ransom is paid, they will leak stolen files that allegedly include finance and HR data, email correspondence, health and insurance records, and data related to children.
Steve Hahn, VP of Americas, BullWall had this to say:
“There is a reason HIPPA has strict compliance guidelines and cyber security is supremely important to the security of hospital records. Ransomware attacks on hospitals continue to rise, and are a serious threat to public health and safety. These attacks not only disrupt the delivery of essential medical services, but always compromise the security of sensitive patient information.
“The impact of these attacks can be devastating. They can leave patients and their families open to new harms at what is likely the most vulnerable point in their lives, and can leave institutions struggling to preserve patient care, protect their data and regain control of their systems. Whether a ransom is paid or not, the costs in terms of potential patient and caregiver impacts (as well as dollars) can severely impact these already struggling patients and their caregiving institutions. It’s particularly egregious that this attack focuses on clinicians serving the youngest, most vulnerable of patients.
“Healthcare providers MUST expand beyond mere alerting, and institute actual ransomware resilience that can immediately contain an attack and proactively prevent server intrusion. They need MFA to every server, every session, working towards a zero-trust environment and, most importantly, they need containment and recovery strategies in place. In the same way that defense experts ‘war game’ physical attacks, knowing that solely focusing on preventing them isn’t viable, our major healthcare institutions must move to protect their critical infrastructure the patients and caregivers in their charge. This means operating from the vantage point that ransomware attacks are not a case of “if” but “when” – and implement resilience against ransomware to immediately thwart attacks and attempts at propagation, encryption and exfiltration.”
Once again healthcare is the target of a cyberattack. We keep talking about the fact that this is a sector that needs to put more focus on making sure that this isn’t something that keeps being repeated. I’m personally wondering when we will see that actually start to happen.
Related
This entry was posted on October 18, 2024 at 12:03 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Boston Children’s Hospital’s BHCP Pwned In Cyberattack
Boston Children’s Health Physicians (BHCP), part of the Boston Children’s Hospital network of care, announced that a cyberattack on its IT vendor occurred on September 6, resulting in exfiltrated files after unauthorized activity on its network. Those impacted include patients, current and former employees, and guarantors. Exposed data includes full names, SSNs, Addresses, DOBs, driver’s license numbers, MRNs, health insurance data, billing and treatment information. BHCP confirmed that the attack did not impact its electronic medical record systems, as they are hosted on a separate network. The BianLian ransomware gang claimed the cyberattack earlier this week and said that unless a ransom is paid, they will leak stolen files that allegedly include finance and HR data, email correspondence, health and insurance records, and data related to children.
Steve Hahn, VP of Americas, BullWall had this to say:
“There is a reason HIPPA has strict compliance guidelines and cyber security is supremely important to the security of hospital records. Ransomware attacks on hospitals continue to rise, and are a serious threat to public health and safety. These attacks not only disrupt the delivery of essential medical services, but always compromise the security of sensitive patient information.
“The impact of these attacks can be devastating. They can leave patients and their families open to new harms at what is likely the most vulnerable point in their lives, and can leave institutions struggling to preserve patient care, protect their data and regain control of their systems. Whether a ransom is paid or not, the costs in terms of potential patient and caregiver impacts (as well as dollars) can severely impact these already struggling patients and their caregiving institutions. It’s particularly egregious that this attack focuses on clinicians serving the youngest, most vulnerable of patients.
“Healthcare providers MUST expand beyond mere alerting, and institute actual ransomware resilience that can immediately contain an attack and proactively prevent server intrusion. They need MFA to every server, every session, working towards a zero-trust environment and, most importantly, they need containment and recovery strategies in place. In the same way that defense experts ‘war game’ physical attacks, knowing that solely focusing on preventing them isn’t viable, our major healthcare institutions must move to protect their critical infrastructure the patients and caregivers in their charge. This means operating from the vantage point that ransomware attacks are not a case of “if” but “when” – and implement resilience against ransomware to immediately thwart attacks and attempts at propagation, encryption and exfiltration.”
Once again healthcare is the target of a cyberattack. We keep talking about the fact that this is a sector that needs to put more focus on making sure that this isn’t something that keeps being repeated. I’m personally wondering when we will see that actually start to happen.
Share this:
Like this:
Related
This entry was posted on October 18, 2024 at 12:03 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.