Recent Healthcare Cybersecurity Breach: St. Lawrence Health Systems
Greg Garner
Did you know that, according to the FBI, ransomware assaults are a threat to the entire US health care system? These groups are threatening because they disrupt the health care system’s operations. They also steal private data.
The recent healthcare cybersecurity breach that occurred in the St. Lawrence Health System in October 2020 shows this threat is real.
If you run a healthcare clinic or a hospital, then you’re probably curious about what happened on this day. You might be worried that it might happen to you. Maybe you also want to know how to protect your and your clients’ data.
It’s a scary thought, the idea that someone might suddenly break into your data systems. It’s even scarier that they would hold that data hostage until you give them the money needed to get that information back.
That’s why we’ve put together this article. We’ll review everything that happened during the St. Lawrence Health System breach. Once you know more about cybersecurity in healthcare in 2020, you’ll be able to protect yourself better from these attacks.
Read on to learn more.
The Recent Healthcare Cybersecurity Breach
Once you understand how healthcare data breaches in 2020 happened, you can prepare so it doesn’t happen to you. So, first, we’ll review details of what happened at the St. Lawrence Health System when a ransomware gang attacked.
It happened on the morning of Tuesday, October 27, at around 4:30 AM. Three hospitals in the St. Lawrence Health System were attacked by a ransomware gang. Their internal systems were at risk.
These hospitals were Gouverneur, Massena, and Canton-Potsdam.
Even though no employee or patient information was compromised, it’s scary that this happened. Many lives as well as data could have been at stake. It was a dangerous situation.
How Hackers Get In
Here’s how hackers use ransomware when targeting hospitals. First, they find a way into the system. One way is a direct physical attack. For example, a gang member could insert a USB stick with the ransomware on it into a computer that is connected to the system. As a result, the ransomware can spread.
They can also steal a staff member’s phone. Once they have the phone, they can gain access to the larger system.
They can also use phishing emails to get staff to accidentally download the ransomware. It infects their computer, and then the entire system.
Once hackers have gotten into the system, they hold it ransom. This is effective, especially with health systems. We’ll go into the reasons why in the next section.
The Type of Ransomware
The ransomware used was a new type of Ryuk ransomware. Because it was new, the security these hospitals had was not prepared for the attack. Security agencies and antivirus software providers were not enough. There was no security in place to block this ransomware.
So, once the ransomware was in place, it would be possible for the ransomware attackers to demand the hospital pay them money. This money would be in exchange for the stolen data. While this is a potential solution, it has two problems.
One problem is that the hospital system loses money that could be used for other important things. These include healthcare treatments, healthcare research, and saving lives.
The additional problem is this. If the ransomware attackers receive money for the data they’ve stolen, they’ll know that this attack worked. This means they will keep attacking healthcare systems.
After all, if it worked once, they’ll think it can work again.
As a result, more data and health will be endangered. So, there has to be another solution. Here’s what the IT team and hospital staff did when the St. Lawrence Health system security breach occurred.
The Health System Fought Back
Fortunately, the St. Lawrence Health system knew exactly what to do. First, their Information Services (IS) Department shut down the network that was being affected. Then, they disconnected all their systems.
Then, the hospitals didn’t use their networks. Instead, they used backup processes they had put into place. They had these in case there ever was a ransomware attack.
This included the use of offline documentation methods.
As a result, the hospitals could continue to do the work they needed. As a result, no lives were at stake. So they could deal with the ransomware problem. It was at this point that they realized the ransomware was not one they had seen before.
This happened a few hours after the attack.
When they discovered this, they had to bring in the authorities. The authorities were needed to deal with this serious security issue.
Bringing in the Authorities
Once the IS Department at the St. Lawrence Health systems became aware of the ransomware being a new variant of Ryuk ransomware, they got in touch with the Department of Homeland Security, FBI, and other authorities. They also communicated with the New York Health Department.
With the help of the authorities, they implemented security strategies that made it possible to protect the data of their staff and patients.
They implemented IS Security procedures, methods, and controls, working with security partners and with the authorities to stop the ransomware threat and get their systems working properly as soon as possible.
They also contained the attack so that it would not spread to other parts of their network. If this were to happen, more data would be at risk. Fortunately, this was possible since the ransomware attack was detected only hours after it occurred.
Additionally, while working with the Department of Health, the affected hospitals diverted ambulances to other hospitals. That way, they could focus on the ransomware assault without impacting the health of people coming in for emergency treatments.
Medics were also asked to record everything with pen and paper, instead of putting it into the system as usual.
This continued into the late afternoon.
Informing the Public
The St. Lawrence Health systems also took measures to inform the public about what was going on, so that their patients and patients’ families would understand exactly what was happening.
They put up a Facebook post where they explained that they were dealing with the problem that was affecting their computer systems. Additionally, they explained that, as far as they knew, patient information had not been compromised.
They also informed patients that they would go ahead with scheduled procedures if possible. Additionally, they noted that urgent care and emergency care would still be available.
By informing the public of what was going on, the St. Lawrence Health systems would be able to operate as effectively as possible while they dealt with the ransomware attack.
Back to Normal (Sort Of)
Later that day, it was possible for the healthcare system to return to normal. Once they had established a plan that involved analysis, mitigation, and remediation, the IS Department was able to start rebooting its network the very day the attack had happened.
This involved rebooting the system in steps, securely and progressively.
They then released a statement saying that, at that point, no employee or patient data had been copied, accessed, or compromised in any other way. However, this was not confirmed on the day of the attack itself, since the investigation was still underway.
In the past, the Ryuk ransomware gang has been able to access patient data before the encryption of the file occurs.
Later in the week, after these ransomware attacks had occurred, the FBI, CISA, and the Department of Health and Human Services (HHS) issued a public joint advisory. In this joint advisory, they warned that these Ryuk ransomware attacks would be surging.
They warned the public healthcare groups and hospitals of America that they were likely to be targeted. Additionally, they said that there was evidence that these attacks would be likely to rise.
In this joint advisory, public healthcare groups and hospitals were given guidance on how to protect their networks in the future from attacks. They were also given advice on what to do in the case of an attack happening.
Additionally, they were given a list of signs of an attack occurring. In theory, this should protect hospitals and public healthcare groups from future attacks. Unfortunately, this is unlikely.
We’ll explain why at the end of this article.
Why Did It Happen?
These hospitals were targeted for the same reason healthcare cyber attacks occurred in 2019. Hospitals are the perfect target for ransomware attacks. This is because losing access to their computer records can cause people in their hospital to die.
As a result, hospitals are desperate to get back this information. Ransomware attackers take advantage of this desperation, blocking the hospital from having access back to its private information until they’re paid.
The ransomware infects a computer, after which a message pops up saying that they have to be paid for the hospital to get its data back.
Even though the St. Lawrence Health systems were able to deal with this threat well, other hospitals might have to pay to get their data back.
Additionally, there is another reason why cybersecurity breaches in hospitals are occurring so often now. Because the COVID-19 crisis is currently going on, many hospitals are dealing with an influx of patients. Ransomware attackers see this as an opportunity to overwhelm hospitals and make their position even direr when they are attacked.
The St. Lawrence health systems are not the only hospital systems that have been attacked recently. This has been happening a lot recently, in large part because of the COVID-19 crisis (as mentioned above). Additionally, many hospitals are now storing their information in their networks, more than in the past. This makes them the perfect target for this type of attack.
At Universal Health Services, for example, there was an attack so massive that they had to go offline for several days instead of several hours.
In October, when the St. Lawrence Health systems breach occurred, it happened alongside several others. These attacks also happened to Sonoma Valley Hospital, Sky Lakes Medical Center in Oregon, and the University of Vermont Health Network.
The healthcare cyber attacks statistics say it all. According to Harvard University, nearly 30 million patient records kept by health institutions have been affected by breaches occurring since 2019.
Healthcare cybersecurity statistics in 2020 aren’t comforting, either. The 2020 State of the Healthcare Cybersecurity Industry report demonstrated that 75% of healthcare systems don’t have the appropriate strategies in place to address a cyber attack if it occurs.
Additionally, it was reported that 96% thought data attackers were outpacing them when it came to their medical enterprises.
Given these statistics, it’s likely that healthcare breaches like the one that occurred with the St. Lawrence Health systems will happen again. And this time, patients and staff may not be so lucky. They might lose some of their valuable data stored in these health systems.
Need More Information?
For more information on the breach notification rule, read What is HIPAA Training? Now that you’ve learned about the recent healthcare cybersecurity breach that occurred to the St. Lawrence Health systems, you might need additional information. Maybe you want to learn about how you can help prevent these breaches. Or maybe you want to learn more about how confidential patient data is stored.
Whatever you need to know, we’re here to help. At HIPAA Exams, we’re experts when it comes to healthcare security. We can also teach you everything you need to know about the HIPAA Privacy Rule. To learn more about how we can help you, contact us here.