A recent ransomware attack at Seton Medical Centers is the perfect example of how to plan for and respond to an emergency.
Seton Medical Centers recently experienced a failed ransomware attack that, thankfully, did not affect patient data. Seton noticed the attack on May 25 and shut down approximately 3600 devices to ensure that the ransomware would not spread.
The hospital staff then switched to paper tracking and the hospital called in extra help to care for patients. Stroke and heart patients were temporarily moved to other hospitals but were able to return to Seton on May 26.
This is a perfect example of why HIPAA requires emergency response plans, why they're so important, and how effective they can be in saving your health care organization from a serious breach. It is also an example of how to properly train employees on those plans and how to implement them.
Additionally, this is why log monitoring and alerting are so important. One report suggests that it takes at least 40 days before an attacker is discovered on a network. That's 40 days in which someone can gather patient information to sell on the dark web later. Ransomware can be a little different once it activates and starts demanding a ransom, but by then you are less likely to avoid having to report a breach.
Also, as always, cybersecurity training is a must for any organization using email. You never know what might come through in an email, and people often click links without thinking about it.
At HIPAAgps, we are here to help you be as prepared as Seton was. Sign up today to start learning what you can do about HIPAA compliance and emergency preparedness.