Hollywood's Latest Scandal? Holding a Hospital Hostage

August 27, 2016

Recent breaches like those impacting Premera, Blue Cross and Anthem have highlighted that cybersecurity continues to be an urgent concern for every healthcare organization. However, attackers have just upped the cybercrime ante – or in this case, ransom.

Earlier this month, a hospital in Los Angeles fell victim to a crippling cyberattack, in which the criminals responsible took over the computer systems of the Hollywood Presbyterian Medical Center and demanded a ransom to return it.

As reported by NBC LA, the cyberattack began interfering with day-to-day operations of computers essential for documentation, transmittal of lab work, sharing of X-rays and CT scans. According to the hospital’s president and CEO, Allen Stefanek, staff began observing “significant IT issues and declared an internal emergency.”

Most recently, it was confirmed that the hospital was forced to pay $17,000 in ransom to the attackers in order to regain control of its computer system. Why, you may ask? According to Stefanek, paying the ransom was “quickest and most efficient way” to return operations to normal following the attack.

News of this attack comes on the heels of President Obama’s Cybersecurity Information Sharing Act, which included nine pages on healthcare-related cybersecurity measures. This month, Obama has also announced the Cybersecurity National Action Plan (CNAP) to “strengthen the Nation’s cybersecurity,” alongside a proposed 35% budget increase for national cybersecurity spending. With data breaches on the rise, and growing larger and more serious all the time, IT security is clearly in a state of crisis. Though heartening that the government has started to take notice and take action, there is still more that organizations can do to bolster their cybersecurity defenses.

The vicious attack serves as a stark reminder no enterprise is immune to cybercriminal activity. According to a recent TechTarget article on new cybersecurity defenses, almost half of all data breaches could be stopped if companies implemented two-factor authentication and vulnerability management. By the same token, organizations are realizing that one static method is simply not enough for secure access control. Instead, organizations must strengthen their defenses against cyber adversaries by employing an adaptive access control solution.

In the past, many healthcare IT teams have struggled to find a solution that meets their specific needs. Carrying traditional hardware tokens in a clinical environment creates more problems than it solves. However, adaptive access control techniques offer additional layers of security that avoids the burdensome requirements associated with traditional two-factor authentication.

By layering multiple methods such as device recognition, analysis of the physical location of the user, or even by using behavioral biometrics to continually verify the true identity of the end user, not only will organizations maintain a simple user experience, but they will also be taking a bold step in the war against cyber attackers.

The landscape of cybercrime is rapidly evolving, leaving healthcare IT professionals to play catch up. By implementing adaptive authentication, healthcare security teams can deploy a solution that thwarts even sophisticated criminals while empowering their organizations to protect their patients’ data – and ultimately, to protect the lives of their patients.

  • Healthcare

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!