The largest medical cyberattack in U.S. history?

Featured image

Share this article

The largest medical cyberattack in U.S. history may have occurred last week. CommonSpirit Health is suffering at the hands of a not-yet-identified ransomware group. The number of medical records affected could be as high as 20 million.

Read on to learn more, including why healthcare is under attack and the steps to take if your medical record is leaked.

The largest medical cyberattack in US history?

CommonSpirit Health is the nation’s fourth-largest hospital system with 142 hospitals in 21 states.

CommonSpirit Health’s Statement

Over the course of this past week, we have been managing a response to a cyberattack that has impacted some of our facilities. Patients continue to receive the highest quality of care, and we are providing relevant updates on the ongoing situation to our patients, employees and caregivers. Patient care remains our utmost priority and we apologize for any inconvenience this matter has created. 

As previously shared, upon discovering the ransomware attack, we took immediate steps to protect our systems, contain the incident, begin an investigation and ensure continuity of care. 

Our facilities are following existing protocols for system outages, which include taking certain systems offline, such as electronic health records. 

In addition, we are taking steps to mitigate the disruption and maintain continuity of care. 

To further assist and support our team in the investigation and response process, we engaged leading cybersecurity specialists and notified law enforcement. 

We continue to conduct a thorough forensics investigation and review of our systems and will also seek to determine if there are any data impacts as part of that process.  

Systems serving Dignity Health and Virginia Mason Medical Center have had minimal impacts on operations by this incident. For the other parts of our health system that have seen impacts on operations, we are working diligently every day to bring systems online and restore full functionality as quickly and safely as possible.  

Central to our decision-making has been and will continue to be our ability to carry out our mission in a manner that is safe and effective to those we serve. At CommonSpirit Health, we are dedicated to meeting the needs of the communities we serve and are guided by our core set of values, which include integrity, excellence, and collaboration. We are grateful to our staff and  physicians who are doing everything possible to mitigate the impact to our patients and ensure continuity of care.

The CommonSpirit ransomware attack impact area

Subsidiaries of CommonSpirit affected by the attack include CHI Health facilities in Nebraska and Tennessee, MercyOne Des Moines Medical Center, Houston-based St. Luke’s Health and Michigan-based Trinity Health System. As stated above, Dignity Health and Virginia Mason Medical Center have had minimal impacts on operations by this incident.

5 reasons why healthcare is a target for ransomware

Healthcare organizations are vulnerable to cyberattacks, even more so than other industries. The reasons why advanced persistent threat (APT) groups actively target covered entities, such as healthcare providers, pharmaceutical companies, and medical research organizations, likely include the following:

  1. Medical records are valuable on the black market and fetch up to $1,000 per record.
  2. Healthcare may be more likely to pay ransoms to get data back because lives hang in the balance.
  3. The attack surface is excessive and often left vulnerable.
  4. Untrained or overworked staff are prone to make errors.
  5. Lax security: A healthcare organization may view cybersecurity as an expense, despite the fact that that expense is small compared to what the organization could lose in the event of a data breach.

Read more: Why is healthcare a juicy target for cybercrime?

How do ransomware attacks happen?

Phishing emails are a common method of delivering ransomware attacks. An attachment is sent in an email as a link that the victim believes is trustworthy. When the victim clicks on that link, the malware in the file begins to download.

Upon entering a system, the malware begins encrypting the victim’s data. The files are then encrypted with an extension which makes them inaccessible. Once this is done, the files cannot be decrypted without a key known only to the attacker. Finally, a message will be displayed to the victim, explaining that the victim’s files are inaccessible and can only be reaccessed by paying a ransom to the attackers.

Read more: What is ransomware and how to protect against it?

Are foreign governments targeting the U.S. healthcare system?

Anne Neuberger, U.S. Deputy National Security Advisor, stressed the growing threat of foreign cyberattacks, citing U.S. government reports that identify specific “preparatory activity” targeting U.S. companies and critical infrastructure.

Further, the U.S. Department of Justice confirms that a North Korean regime-backed programmer is charged with conspiracy and responsible for the destructive Global WannaCry 2.0 ransomware attacks.

“Security needs to be top of mind for every company. Email security is the number one cause of breaches,” Paubox customer Eli Golden, Director of IT at The Jellyvision Lab, explains. “Attackers are getting smarter, and while we train our staff thoroughly with simulated attacks and live sessions, it’s best to have as much protection as possible.”

Read more: The White House warns against possible Russian cyberattacks

Healthcare executives rank ransomware as the #1 threat

A recent survey of 132 healthcare executives found that ransomware was the number one cybersecurity threat – more than data breaches or insider threats – according to the Health Information Sharing and Analysis Center, a nonprofit global cyberthreat forum for the healthcare industry.

Read more: The risks are too high for healthcare leaders not to understand Zero Trust

Take these 7 steps if your medical record is breached

  • File a police report
  • File a report with the FTC
  • Inform your insurer
  • Get copies of your medical record
  • Notify the three credit bureaus
  • Ask for corrections
  • Use strong passwords and 2FA or MFA on your accounts
Steps to take if your medical record is breached
Source: IDStrong

Are you in healthcare and concerned about digital security?

Paubox technology is HITRUST-CSF certified, patented and provides the most advanced HIPAA compliant email solutions available. Paubox solutions are effortlessly easy to implement and use.

In fact, Paubox is securing nearly 70 million HIPAA compliant emails each month for more than 4,000 healthcare customers and has a 4.9/5 G2 rating.

Whether you are a large hospital or a standalone clinic, Paubox has the right email product to keep your data and organization HIPAA compliant and secure.

Author Photo

About the author

Anne-Marie Sullivan

Read more by Anne-Marie Sullivan

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022