Illinois Hospital Forced to Close Due to Ransomware Attack
A Growing Threat to Healthcare Providers
An Illinois hospital, St. Margaret’s Health (SMH), has made the difficult decision to permanently close its hospitals, clinics, and other facilities due, in part, to a ransomware attack that occurred in February 2021. This unfortunate incident serves as a stark reminder of the existential threat that online extortion campaigns, such as ransomware attacks, pose, particularly for resource-strapped small and rural hospitals.
The ransomware attack on SMH’s systems had a devastating impact on the hospital’s operations, crippling its ability to collect payments from insurers for services rendered. The attack not only shut down the hospital’s IT network, email systems, and electronic medical records (EMR) portal, but it also forced employees to resort to paper records, leading to significant delays in processing claims and receiving payments from insurance plans.
This attack highlights a troubling trend in the healthcare industry, with multiple organizations being forced out of business due to cyberattacks. Security analyst and researcher Adrian Sanabria maintains a list of organizations that have closed as a direct result of cyberattacks, and it currently includes 24 organizations, many of which are small and across various sectors. Significantly, 10 of the organizations on the list were victims of ransomware attacks that occurred after 2014, indicating the increasing prevalence and impact of this type of cyber threat.
The Vulnerability of Small and Rural Hospitals
According to Joshua Corman, former CISA chief strategist and current vice president of cyber safety strategy at Claroty, other hospitals, especially smaller ones and those located in rural areas, are at risk of facing similar challenges as SMH. These hospitals, which are often already facing financial strains due to the COVID-19 pandemic, are particularly vulnerable to the disruptions caused by ransomware attacks. Corman warns that hospitals situated far away from other healthcare facilities and alternative care options are most likely to face closure in the aftermath of such attacks.
Smaller hospitals, especially those in rural areas, often lack the resources to maintain a full-time security staff and struggle to obtain adequate cyber insurance coverage. These factors further exacerbate their susceptibility to cyberattacks and their capacity to recover from such incidents. It is crucial for policymakers and industry stakeholders to address these issues and provide financial assistance and support to smaller healthcare entities that are rich in potential targets but poor in cybersecurity resources.
Cyber-Hygiene and Assistance Measures
The need for improved cyber-hygiene practices and increased support for healthcare providers’ cybersecurity efforts is more urgent than ever. Mike Hamilton, former CISO for the City of Seattle and currently in the same role at healthcare cybersecurity firm Critical Insight, emphasizes the importance of limiting employee access to the internet within healthcare environments. By implementing strict controls and restrictions, similar to a control room that operates a dam, healthcare IT teams can significantly reduce the potential for user actions that could lead to cyberattacks.
In addition to internal measures, it is crucial for healthcare systems to engage with regional resources, such as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), to mitigate risks and respond effectively to cyber threats. Administrators and top management at smaller and rural healthcare systems should advocate for assistance from state and federal authorities and prioritize patching vulnerabilities identified by CISA. They should also take advantage of the free cybersecurity tools and resources offered by CISA.
Conclusion
The closure of St. Margaret’s Health due to a ransomware attack serves as a wake-up call for the healthcare industry and policymakers. The increasing frequency and severity of cyberattacks on healthcare organizations, particularly smaller and rural hospitals, require immediate attention and action. Measures must be taken to improve cyber-hygiene practices, provide financial assistance, and ensure that healthcare providers have access to the necessary resources and support to protect their critical systems and data.
Ransomware attacks are a man-made hazard that can have dire consequences for healthcare providers already operating on thin margins. It is incumbent upon policymakers, industry stakeholders, and healthcare providers themselves to work together to address this urgent issue and develop comprehensive strategies to defend against cyber threats and safeguard the vital services provided by hospitals and healthcare systems.
<< photo by Pixabay >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- “Is the Healthcare Industry Prepared for the Growing Threat of Ransomware Attacks?”
- ActZero and UScellular Partner to Provide Mobile Devices Protection Against Ransomware Attacks
- “Cyber Warfare Unveiled: Unmasking the Russian APT ‘Cadet Blizzard’ behind Ukraine’s Devastating Wiper Attacks”
- The Power of Knowledge: Unleashing the Potential of the World’s Largest PDF Archive for Malware Research
- In the Crosshairs: FCC Task Force Tackles Data Breaches and SIM-Swaps
- The Power of Research: Safeguarding Private Data in the Digital Age
- Navigating the Shifting Tides of Network Security
- The Urgency of Securing Critical Infrastructure from Ransomware Attacks
- The Rise of System Intrusions: Why They Pose a Greater Threat than DOS Attacks
- The Rise of Cyber Threats: Fake Researcher Profiles Target GitHub Repositories
- “After a Decade of Elusive Pursuit, Gozi Malware’s IT Mastermind Finally Sentenced to Jail”
- Automated SaaS Ransomware Extortion: A New Era of Cyber Threats
- How Public Key Infrastructure (PKI) Can Help Mitigate Data Breaches
- Ransomware Surge and Human Error Blamed for Data Breaches: Verizon 2023 DBIR Reveals
- Darkening Skies: Uncovering Microsoft’s Revelation of a Russian APT Behind Wiper Attacks
- Unraveling the Strategic Blueprint: Analyzing Russia’s Hybrid War in Ukraine
- China’s Cyber Espionage: Exploiting a VMware Zero-Day to Infiltrate Windows and Linux Systems
- The Illusion of Safety: Exploring the Deceptive Nature of Popular Messaging Tools
