How Tampa General Hospital was proactive against a ransomware attack

Tampa General Hospital in Florida was hit with ransomware in May 2023. The cyberattack group responsible tried to steal data to demand a ransom. The hospital prevented this by having and utilizing proactive monitoring tools.

Related: HIPAA compliant email: The definitive guide

What happened?

In an online notice, Tampa General stated that it experienced a cybersecurity event that affected approximately 1.2 million people. This cybersecurity incident also impacted Johns Hopkins All Children’s Hospital, HCA Hospitals, and Hillsborough County. 

The breach is believed to have exposed the following PHI:

• Names
• Addresses
• Phone numbers
• Dates of birth
• Social Security numbers
• Health insurance information
• Medical record information
• Patient account numbers
• Dates of service
• Some limited treatment information
  

The hospital's electronic medical record (EMR) system was not part of the data breach. While the cyber gang was able to steal PHI, the hospital’s internal security system blocked the encryption of its data.

On July 18, Snatch ransomware group claimed responsibility for the data theft on its leak site. The group is suspected of operating from Russia. The FBI is currently investigating the attack and the ransomware group.

Ransomware and healthcare

According to a recent report on ransomware attacks worldwide, there has been a 67% increase in cases between the first and second quarters of 2023. Ransomware attacks are known for using malicious software (malware) to encrypt a user's data, denying access to it. Malware typically gets delivered in email links or attachments.

Once data is encrypted, the ransomware group responsible demands a ransom payment in exchange for a decryption key. Payment does not guarantee that a decryption key will work or that a cyberattacker will stop its attacks.

Ransomware attacks damage healthcare organizations and possibly expose patients’ PHI. Along with data loss and the disruption of hospital operations is the financial and recovery time impact. An attack more than likely also leads to a HIPAA violation and fine.

LEARN MORE: Report reveals ransomware attacks reached record high in July

Tampa General's cybersecurity successfully prevented encryption

Security expert Sherri Davidoff says Tampa General deserves credit for catching the breach: “Kudos to the hospital for employing some of this latest and greatest technology that helped them to prevent operational outages. . . . You don’t want delays in procedures. Some studies link ransomware attacks to increased mortality rates and things like that, and [Tampa General] really successfully avoided the worst of it.”

In 2022, Tampa General gained HITRUST certification, demonstrating its commitment to HIPAA and protecting patient data. Since the attack, it has implemented additional tools and increased monitoring.

The takeaway: proactively prevent ransomware attacks

Healthcare organizations can mitigate threats by implementing a sound cybersecurity program that includes both technical and administrative safeguards:

1. Patch and fix common entry points and known vulnerabilities.
2. Log all possible endpoints into a system and prevent access to each.
3. Enable advanced threat intelligence to detect and block viruses and malware.
4. Use an offsite, offline backup and assess backup strategies continuously.
5. Foster internal awareness of security issues by training employees.
6. Execute frequent assessments, audits, tests, and analyses on cybersystems.
7. Avoid a second attack by the same group by isolating and removing all traces of the first attack.
8. Have a contingency plan in case ransomware succeeds.

Experts encourage organizations to design a detailed response plan in case they become the victim of a ransomware attack. Above all, organizations should refuse to pay after a ransomware attack. Paying ransoms provides cybergangs with monetary support and doesn't necessarily prevent the data from being sold.

Strong cybersecurity: worthwhile for healthcare

With ransomware attacks increasing in frequency and severity, it is difficult for many organizations to face them head-on. Creating a strong cybersecurity program is costly and time-consuming upfront. This is why cyber attackers especially target smaller clinics.

Healthcare organizations need to take proactive steps to protect themselves. By implementing HIPAA compliant safeguards and having a backup plan, healthcare organizations can minimize the risks of ransomware attacks.