A wave of cyberattacks targeting healthcare facilities has added another victim to the growing list of affected organizations. In a HIPAA Breach Notification filed last week, Louisiana State University said that sensitive data on thousands of patients in several of its clinics may have been breached.
The Health Care Services Division of LSU Health New Orleans said in the filing, dated November 20, that an incursion into an employee email inbox was likely responsible for the suspected data breach of patient information from seven medical facilities across the state.
Attackers May Have Accessed Sensitive PHI
LSU Health New Orleans said it discovered the incursion on September 18 and disabled the email inbox. It added that the type of information attackers could have gained access to varied depending on which facility the patient visited.
The types of protected health information (PHI) included patient names, medical record numbers, dates of birth, social security numbers, phone numbers, home addresses, and insurance identification numbers. In a few instances, LSU Health said bank account numbers and medical diagnoses could have been accessed.
LSU Health said it has contacted patients who might have been affected by the breach, and that investigations would continue to discover the full extent of the intrusion. It also advised all patients of the affected medical centers to monitor credit reports for any evidence of identity theft.
Healthcare Services Remain Vulnerable to Attack
The sensitive nature of PHI makes healthcare providers a frequent target of ransomware and other cyber attacks. A recent survey from a global healthcare technology advisory group found that 70% of respondents, or 118 organizations, reported significant security incidents in the previous 12 months.
In fact, this year has seen some of the largest data breaches ever recorded. Universal Health Services (UHS), with 400 locations worldwide, fell victim to a Ryuk ransomware attack in September that crippled operations and forced emergency vehicles to reroute patients to other facilities.
Two other healthcare providers — St. Lawrence Health Systems in New York and Sky Lakes Medical Center in Oregon — also reported ransomware attacks in recent months. Security threats have escalated so much that federal agencies issued an advisory last month warning of imminent threats to the healthcare sector.
The advisory warned that malicious cyber actors were specifically targeting healthcare facilities with TrickBot and BazarLoader malware, which could lead to ransomware attacks, data theft, and the disruption of healthcare services.
Securing Your Data Can Save Lives
The wave of cyberattacks against healthcare infrastructure this year has shown just how critical it can be for healthcare providers to have comprehensive cybersecurity solutions in place. Doctors must have uninterrupted access to patient records, and hospitals going offline can have dire consequences.
In addition to educating all healthcare staff about avoiding phishing email attacks and protecting external storage devices from infection by malware, which remain among the most common access points exploited by cybercriminals, the safe handling and storage of PHI can be critical to how quickly an organization can recover from an attack.
SecureData offers comprehensive solutions to the specific needs and vulnerabilities facing healthcare providers. Our SecureDrive BT line of hardware-encrypted external storage devices is HIPAA-compliant and has a full complement of remote management features, including remote wipe, geo- and time-fencing options, user logging and much more.
Call us at 1-800-875-3230 to discuss how our products and services can help you avoid costly data breaches and ransomware attacks, and how we can get you back up and running if such an attack occurs.