By Rebecca Joseph
“Ransomware Attack Hits Universal Health Services” from The Wall Street Journal”
September 28, 2020
On Sunday, September 27, Universal Health Services Inc. (UHS) fell victim to a ransomware attack. UHS is one of the largest hospital networks in the nation. They had to shut off computer systems used for pharmacies, medical records, and laboratories at 250 UHS facilities on Sunday due to the attack. The hackers did not end up accessing any patient or employee data and no patients were harmed while the systems were down.
In a ransomware attack, hackers take advantage of faults and weaknesses in a computer system in order to hack in and install software on the target network. Then, they encrypt data on the computer, which makes it unreadable. In order to unlock the data, the victim has to pay ransom to the hackers.
Ransomware and other cyberattacks are especially dangerous to the healthcare industry because their computer systems hold highly sensitive and private information. The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to store patient information privately and securely. If a malware attack exposes patient information, HIPAA would require hospitals to publicly disclose a breach of information. Additionally, hospitals could be fined under HIPAA for violating its privacy and security provisions.
Over the past couple of decades, hospitals have grown more reliant on information technology because of the increased use of electronic medical records and networked medical devices.
Patients are very important stakeholders in this type of situation due to the sensitivity of medical records. Information technology managers for healthcare providers should focus their efforts on protecting their systems from future attacks. One solution could be hiring white hatters to hack into hospital systems to identify vulnerabilities that are susceptible to future cyberattacks.