Pennsylvania ransomware attack a warning to practices to boost IT security

This week’s cyberattack on a Pennsylvania health system and others, including May’s WannaCry ransomware attack, demonstrate the need for strong electronic security.

A ransomware attack this week that hit Pennsylvania doctors' offices serves as another urgent reminder for practices to ensure their electronic security.

Tuesday’s global ransomware attack, the second one in as many months, infected the Sewickley, Pennsylvania-based Heritage Valley Health System with malware known as Petya that crippled the entire health system, including its physician offices.

Heritage Valley was still dealing with the aftermath Wednesday, according to The Beaver County Times. For one patient, that meant her doctor dictated instructions to an assistant, who took notes on a blank sheet of paper, and patient and physician relied on memory for past medical history and medications, the article said.

Meanwhile, surgeons canceled some operations for a second day Wednesday at the system’s hospital in Beaver, Pennsylvania, one doctor told The Wall Street Journal.

Dale Yakish, M.D., an orthopedic surgeon at the Association of Specialty Physicians, said while its computers were frozen, his group practice still had access to patient medical records, which are on paper. “We’ve been slow to get rid of our paper records. After this, we may be a little slower,” he told the WSJ.

Steps to protect your practice

This week’s cyberattack and others, including May’s WannaCry ransomware attack, demonstrate the need for strong electronic security.

“Sometimes the small practice physicians think they won’t be targeted because they have less information, but what we’re learning is that everyone is vulnerable because health data is very valuable,” Deven McGraw, deputy director for Health Information Privacy for the Office for Civil Rights at the U.S. Department of Health and Human Services, told Medical Economics prior to the most recent attack.

Attacks are becoming more sophisticated, and health systems must step up efforts to ensure they don’t become victims, Michael Kaiser, executive director of the National Cyber Security Alliance, told The Beaver County Times.

Just like individuals, practices should continually update their devices with software patches or fixes, and use strong passwords or other authentication measures, he said. They should regularly conduct backups of their systems, so systems can be restored if ransomware or other attacks block them from accessing their computers.

While prevention is the goal, organizations also should be prepared to respond to and recover from an attack to minimize disruptions, he said.

Because they are focused on patient care and often lack a dedicated staff member to handle IT, many physician offices aren’t following basic security measures: they lack up-to-date hardware and software, fail to download security patches, and skimp on security technologies, according to Medical Economics.

A security risk assessment, required by HIPAA, can help practices identify their weaknesses. Adopting strong passwords and keeping antivirus programs up to date so they catch the latest threats can also help protect patient information.
