Ransomware attacks accelerated to an almost fevered pitch in 2018, with health care providers experiencing attempted intrusions on a near constant basis. The HIPAA regulations provide oversight to help ensure that certain standards are maintained when it comes to handling personal, Protected Health Information (PHI). However, even with regulations and standards in place, forced entry into computer systems by outside parties is something that continues to occur and is difficult to handle.
On Friday, November 23, 2018, an attack was launched against East Ohio Regional Hospital (EORH) and Ohio Valley Medical Center (OVMC). The assault continued on through the night and lasted until the afternoon of the following day. In response to the attack, their IT team was able to stall access by bringing down some segments of the affected computer systems.
While the attackers were successful in making it through the preliminary barrier of security, they were ultimately stopped short of achieving their goal.
Karin Janiszewski, the EORH and OVMC director of marketing and public relations, told local news outlets: “We have redundant security, so the attack was able to get through the first layer but not the second layer.” When asked if any PHI had been exposed, she responded by saying: “There has been no patient information breach. The hospitals are switching to paper charting to ensure patient data protection.”
While the attack was being carried out, emergency-room traffic became limited to walk-ins only as Emergency responder squads were diverted to other hospitals in the area. Fortunately, their IT team was able to resolve the attempted incursion by Sunday, November 25.
With ePHI theft constantly on the rise, it becomes necessary to take additional measures to ensure the information entrusted to businesses by patients stays safe and private. This ransomware attempt could have ended much differently had there not been a team of IT professionals and redundant security measures in place. Learn how to guard your business with the same level of protection by visiting HIPAAgps.com and starting your free trial with HIPAAgps.