Investigation of malware attack at Samaritan Medical Center ongoing

Featured image

Share this article

Hacker with laptop computer displaying “you’ve been hacked” on the screen

An investigation into a recent malware attack at Samaritan Medical Center in Watertown, NY is ongoing according to a hospital update about the incident.

On July 25, Samaritan discovered malware within its computer systems and immediately took its computers offline as a precautionary measure.

The attack, investigation, and subsequent complications emphasize the importance of utilizing HIPAA compliant email to avoid IT disruptions and protected health information (PHI) exposure.

Who was affected by the malware attack?

Samaritan promptly launched an investigation, according to its first notice, “to determine the exact nature and scope of the incident” but has yet to release details, such as:

  • Responsible party
  • Type of malware
  • Number of affected
  • Type of PHI involved

For some context, PHI exposed from recent malware attacks on health systems in Colorado and Ohio include demographic, medical, and financial information.

RELATED: Is a Name PHI?

As the investigation is in progress, Samaritan has yet to report the breach to the U.S. Department of Health and Human Services Office for Civil Rights.

At this time, there is no evidence that the hacker accessed or acquired patient or employee records. In other words, exfiltration and exposure are not current concerns.

Nevertheless, the incident underlines how disruptive such cyberattacks are in the healthcare industry.

What is malware?

Malware is any intrusive software used to exploit sensitive information and poor cybersecurity. It can come in many forms, from viruses to adware, ransomware, spyware, etc.

Victims usually download malware through phishing emails that employ social engineering tactics.

One report even suggests that 90% of breaches are caused by human error.

RELATED: Why Investing in Ongoing Cybersecurity Training is Good Business

The original Samaritan notice stated that “there is no indication that a patient or employee was involved.”

The hospital did not clarify if this statement pertains to malicious participation or accidental inclusion; the former is more likely.

Inaccessible systems and records

Most reports about malware incidences focus on monetary costs due to ransom demands and/or HIPAA fines, but other costs can be as detrimental.

RELATED: Healthcare Data Breaches – A Haunting Reality

In fact, the first direct challenge is the inability to access encrypted data and/or systems to maintain day-to-day operations.

This is why Samaritan, in its first notice, alerted patients that the hospital would continue providing care, “though out of an abundance of caution [they] have rescheduled a limited number of non-urgent patient procedures and appointments due to the outage.”

Soon after the incident, the hospital began writing and updating its records manually. Only recently was Samaritan able to restore its primary electronic medical records, accounting, and payroll systems.

And earlier in August, Samaritan restored various applications related to patient care such as drug delivery, radiation therapy, medical imaging, and communications.

In the updated notice, Samaritan cautioned, “Given the size of the network, this process will take time to ensure a safe and thorough restoration.”

How can strong email security help?

In order to protect healthcare providers against malware and resulting issues, the first step is to ensure strong email security.

Organizations choose Paubox Email Suite Premium to send HIPAA compliant email to patient’s inboxes (no password or portal required) and to protect themselves from cyberattacks with robust inbound security tools such as ExecProtect.

Paubox Email Suite Premium seamlessly integrates with a customer’s existing email provider to send encrypted email by default and to safeguard both inbound and outbound email with data loss prevention (DLP) tools; no change in user behavior is required once it is configured.

In other words, Paubox saves healthcare organizations from dealing with the immediate headache of disrupted patient care as well as all ensuing problems.

Be proactive with cyber protection. Lead with comprehensive email security and secure your organization’s communications today to protect patients now and in the future.

Try Paubox Email Suite Premium for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022