- A Jan. 11 ransomware attack shut down computers at Greenfield, Indiana-based Hancock Health, HealthITSecurity reports. A statement on the organization’s website says the computers have been recovered and personal data does not appear to have been compromised.
- In a separate incident, personal information on 43,000 patients of West Virginia-based Coplin Health Systems may have been compromised after someone stole an unencrypted laptop from an employee’s car, Healthcare IT News reports.
- In addition, Oklahoma State University Center for Health Sciences has notified about 280,000 Medicaid beneficiaries that their information may have been breached in a cyberattack, FierceHealthcare reports.
Healthcare organizations have been a prime target for cyberattacks in recent years due to the rich stash of personal data their systems hold. Last year, the massive WannaCry virus forced hospitals in the U.K. to suspend all routine procedures and affected businesses in 104 countries worldwide. Other attacks included Defray, a virus spread via Microsoft Word attachments in emails that specifically targets healthcare organizations, and a WannaCry offshoot that disrupted computers at FirstHealth of the Carolinas.
A recent study by Accenture and the American Medical Association found four out of five doctors have experienced a cybersecurity attack. Most common were phishing expeditions, followed by computer viruses. AMA President Dr. David Barbe said the study underscored the need for the government, technology and medical sectors to work together to improve cybersecurity.
A June HHS task force report warned healthcare cybersecurity is in “critical condition” and many organizations lack the infrastructure to identify, track and respond to threats. The report called for more government resources to bolster cybersecurity, including a new federal point person on cybersecurity issues.
According to Black Book Market Research, eight in 10 healthcare organizations lack a chief cybersecurity officer, and 92% of healthcare executives said cybersecurity is not a major concern of their board of directors. More than half of those surveyed said they don’t conduct routine cyber risk assessments.
An earlier HIMSS survey of health IT leaders was more hopeful, with 71% reporting their organization budgets for cybersecurity and 50% saying the allotment is 3% or more of the total budget. Roughly 80% of respondents reported having a dedicated cybersecurity staff and six in 10 said their organization had a chief information security officer or similar C-suite level position.