
Investigation of malware attack at Samaritan Medical Center ongoing


An investigation into a recent malware attack at Samaritan Medical Center in Watertown, NY is ongoing, according to a hospital update about the incident. On July 25, Samaritan discovered malware within its computer systems and immediately took its computers offline as a precautionary measure. The attack, investigation, and subsequent complications emphasize the importance of utilizing HIPAA compliant email to avoid IT disruptions and protected health information (PHI) exposure.

Who was affected by the malware attack?

Samaritan promptly launched an investigation, according to its first notice, “to determine the exact nature and scope of the incident” but has yet to release details, such as:
  • Responsible party
  • Type of malware
  • Number of affected
  • Type of PHI involved

For some context, PHI exposed in recent malware attacks on health systems in Colorado and Ohio includes demographic, medical, and financial information.

As the investigation is in progress, Samaritan has yet to report the breach to the U.S. Department of Health and Human Services Office for Civil Rights. At this time, there is no evidence that the hacker accessed or acquired patient or employee records. In other words, exfiltration and exposure are not current concerns. Nevertheless, the incident underlines how disruptive such cyberattacks are in the healthcare industry.

What is malware?

Malware is any intrusive software used to exploit sensitive information and poor cybersecurity. It comes in many forms, including viruses, adware, ransomware, and spyware. Victims usually download malware through phishing emails that employ social engineering tactics. One report even suggests that 90% of breaches are caused by human error.

The original Samaritan notice stated that “there is no indication that a patient or employee was involved.” The hospital did not clarify whether this statement pertains to malicious participation or accidental inclusion; the former is more likely.

Inaccessible systems and records

Most reports about malware incidents focus on monetary costs due to ransom demands and/or HIPAA fines, but other costs can be as detrimental. In fact, the first direct challenge is the inability to access encrypted data and/or systems to maintain day-to-day operations. This is why Samaritan, in its first notice, alerted patients that the hospital would continue providing care, “though out of an abundance of caution [they] have rescheduled a limited number of non-urgent patient procedures and appointments due to the outage.”

Soon after the incident, the hospital began writing and updating its records manually. Only recently was Samaritan able to restore its primary electronic medical records, accounting, and payroll systems. Earlier in August, Samaritan restored various applications related to patient care such as drug delivery, radiation therapy, medical imaging, and communications. In the updated notice, Samaritan cautioned, “Given the size of the network, this process will take time to ensure a safe and thorough restoration.”

How can strong email security help?

To protect healthcare providers against malware and the resulting issues, the first step is to ensure strong email security. Organizations choose Paubox Email Suite Premium to send HIPAA compliant email to patients’ inboxes (no password or portal required) and to protect themselves from cyberattacks with robust inbound security tools such as ExecProtect. Paubox Email Suite Premium seamlessly integrates with a customer’s existing email provider to send encrypted email by default and to safeguard both inbound and outbound email with data loss prevention (DLP) tools; no change in user behavior is required once it is configured. In other words, Paubox saves healthcare organizations from dealing with the immediate headache of disrupted patient care as well as all ensuing problems.

Be proactive with cyber protection. Lead with comprehensive email security and secure your organization’s communications today to protect patients now and in the future.
