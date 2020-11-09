Cybercriminals take advantage of coronavirus pandemic, striking Sonoma hospital, other health care organizations

With COVID-19 focusing the nation’s attention on hospitals, they’re also getting attention from another group: cybercriminals.

They see a financial opportunity to line their pockets by attacking hospitals with ransomware, according to cybersecurity experts and federal agencies.

In a ransomware attack, cybercriminals use malware — or malicious software — to lock down an organization’s system until ransom is paid. Nationally, in the last few months, hospitals have become the biggest target for such hacks.

The FBI, the Department of Health and Human Services, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on Oct. 28 warned about increased ransomware threats to hospitals across the nation, according to The New York Times.

One of the known victims is in the North Bay.

Sonoma Valley Hospital announced on Oct. 22 that its computer system was hacked on Oct. 11. The hospital said its cybersecurity team, outside IT and forensics experts were able to block access and expel the cybercriminals from its system. However, the investigation so far indicates the cybercriminals may have removed a copy of a subset of the hospital’s data, potentially compromising some of its patients’ medical information, though not their financial information.

The hospital said its electronic health records system also was spared from the hack.

Sonoma Valley Hospital has not paid ransom and is cooperating with law enforcement, according to its Oct. 30 updated statement. The hospital has been able to continue providing patient care as it works to restore full hospital operations.

Check Point, a cybersecurity firm with U.S. headquarters in San Carlos, tracks ransomware attacks against the health care sector. Between September and October alone, the firm reported a 71% spike in such hacks.

Sutter Health, which operates Sutter Santa Rosa Regional Hospital and Novato Community Hospital in the North Bay, said it’s aware of the upsurge among cybercriminal activity, and that its area facilities have not been impacted.

“The recent news of upticks in cyberattacks on hospitals and health care systems is reflective of the increased activity we have seen during the COVID-19 pandemic,” according to a Sutter Health spokesperson. “Sutter Health’s proactive approach to cybersecurity means that we continuously assess the threat landscape and adapt accordingly to prioritize the safety and privacy of our patients, workforce and organization.

“In addition to constantly evolving our protocols and deploying a robust information security infrastructure to defend against ever-changing threats, we regularly conduct employee education campaigns about phishing and other cybercrimes, work closely with government officials to implement industry best practices, and keep our patients informed about protecting their personal information online and off.”

A spokesperson from Kaiser Permanente, which operates medical centers in Santa Rosa and San Rafael, said in an email statement: “We are aware of the threat and are monitoring our systems closely.”

Hospitals are particularly vulnerable to ransomware attacks because they have numerous systems that are open to the internet, said David Trepp, partner in BPM's Information Technology Audit and Compliance (IT Assurance) Group in Eugene, Oregon.

A hospital typically gives access to employees, providers, patients and visitors, as well as to business associates, vendors and a host of medical specialists, Trepp said.

Financial institutions also are susceptible to ransomware attacks, as are small businesses without the funds to invest in a highly resilient security system.

Banks and credit unions pose a narrower risk because they have a more limited number of vendors, specialists and business associates to communicate with through their systems, Trepp said.

“(Another) reason why health care organizations are such ripe attack targets is that they're just simply not regulated as heavily as a financial institution,” he said, noting banks and credit unions must undergo annual security examinations through the FDIC, National Credit Union Association or other regulatory body.

Hospitals, however, aren’t required to submit to such annual examinations.

John Riggi, senior advisor for cybersecurity and risk at the American Hospital Association, said there are steps hospitals and health systems can take to protect against ransomware attacks.

“Health care providers should proactively implement certain cybersecurity measures such as ensuring current, air-gapped backups of electronic health records and clinical and nonclinical data, expediting patching of all Internet-facing resources, and test their incident response plans as soon as possible,” Riggi said. “Hospitals should also be prepared to reroute patients to hospitals outside their area if there is a simultaneous regional outage of multiple-hospital IT systems.”