Latest Cyber-Security Attack on Hospital Brings More Attention to the Threat of Health Care Hackers (Part 2 of 3)

Friday, March 4, 2016
By George F. Indest IV, Director of System Services, The Health Law Firm,
and
George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law


(Part two of a three-part blog)

You would think that health care professionals, who are saving lives every day at busy hospitals, wouldn’t have to worry about cyber-attacks or protecting network computers. However, recent events have put this security threat at the top of the list. Recent cyber-attacks such as the one at Hollywood Presbyterian Medical Center just the latest example of a U.S. medical provider on the wrong end of a digital assault made possible by a lack of security measures. It seems that cyber criminals are targeting hospitals in the belief that because of the nature of the work, they are more likely to pay up.

This is a three-part blog series on cyber-attacks on hospitals and health care systems, click here to read part one.


Hollywood Hospital Hackers.


In the recent case, a prominent hospital in California, Hollywood Presbyterian Medical Center, was forced to pay hackers $17,000 in bitcoin in order to unlock its computer systems. The hackers took control of the system by using ransomware, which is a type of malware that can only be unlocked when the ransom sum is paid.

It seems that hospitals have become a bulls eye for cyber-attacks, which only reaffirms the need for cyber-security measures to be put in place to stop these types of attacks. Hospitals are put at a stand still when they cannot access their computer systems which contain valuable patient information and often are the life source for key tools for running medical equipment. Not only is the protection of patient information important, cases like this recent one, can diminish staff morale and even the hospital’s reputation for care.


Cyber-Security Measures.

Hospitals, more than other professional environments, need to prepare for a cyber-attack just as they would prepare for a natural disaster, sudden influx of patients or other emergency situation. It is not clear in the Hollywood Presbyterian Medical Center case, how the hackers infected the computer systems. However, it could have been as easily as a hospital staff member clicking on a malicious link or attachment in an email.

The U.S. Food and Drug Administration (FDA) previously issued an alert on cyber-security guidelines for medical devices and hospital networks. Click here to read it.

According to the FDA, there are steps and precautions to take, to fight back against these cyber criminals:

1.    Restricting unauthorized access to the network and networked medical devices.

2.    Making certain appropriate antivirus software and firewalls are up-to-date.

3.    Monitoring network activity for unauthorized use.

4.    Protecting individual network components through routine and periodic evaluation, including updating security patches and disabling all unnecessary ports and services.

5.    Contacting the specific device manufacturer if you think you may have a cybersecurity problem related to a medical device. If you are unable to determine the manufacturer or cannot contact the manufacturer, the FDA and DHS ICS-CERT may be able to assist in vulnerability reporting and resolution.
6.    Developing and evaluating strategies to maintain critical functionality during adverse conditions.


Think Before You Click.

With cyber criminals becoming more aggressive, it’s important that every staff member is more conscience when they are clicking on links and attachments in emails. Hackers are becoming more sophisticated and finding ways to get around anti-virus software. You are essentially your own firewall, be aware of anything you open or click on.

In addition to the FDA's recommendations above, in Part 3 of this blog, we will give some additional tips that medical groups, physicians, hospitals and other health facilities should be following to reduce the risk of a breach of security such as that experienced by Hollywood Presbyterian Medical Center.


Contact Experienced Health Law Attorneys.


The Health Law Firm routinely represents physicians, pharmacists, pharmacies, optometrists, nurses, health facilities, healthcare related businesses, and other health providers in investigations, regulatory matters, licensing issues, civil and administrative litigation, defense of HIPAA complaints and violations, regulatory matters, inspections and audits involving the Drug Enforcement Administration (DEA), Federal Bureau of Investigation (FBI), Department of Health (DOH), matters involving the Centers for Medicare and Medicaid Services (CMS), the Food and Drug Administration (FDA), the Agency for Health Care Administration (AHCA), and other regulatory and law enforcement agencies. Its attorneys include those who are board certified by The Florida Bar in Health Law as well as licensed health professionals who are also attorneys.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.


About the Authors: George F. Indest IV, is a computer systems scientist and is the Director of Systems Services at The Health Law Firm in Orlando, Florida.  George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm.  The Health Law Firm has a national practice.  Visit our website at:  www.TheHealthLawFirm.com.  The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, FL 32714, Telephone: (407) 331-6620.


Sources:

Do, Trang. “Hospitals vulnerable to cyber attacks that can harm patients.” ABC News. (March 3, 2016). Web.

Venditto, Gus. “Lessons learned from a cyber attack.” Health Care IT News. (November 3, 2015). Web.


KeyWords: medical records data breach attorney, cyber-attack, cyber-security, securing patient data, ransomware, Hollywood Presbyterian Medical Center, data hackers, health care IT attorneys, how to protect patient information, health care defense attorney, lawyer for health facilities, healthcare provider legal counsel, data breach defense counsel, stolen patient data, patient privacy information, health law attorney, health law, medical records security, The Health Law Firm

The Health Law Firm" is a registered fictitious business name of George F. Indest III, P.A. - The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 2016 The Health Law Firm. All rights reserved.
3/4/2016

Like this blog? Add your public comments:

Items in bold indicate required information.