Pennsylvania ransomware attack a warning to practices to boost IT security

A new ransomware dubbed "WannaCry" is living up to its name as it strikes out at businesses without proper data backups. Here is what we know.
This week’s cyberattack on a Pennsylvania health system and others, including May’s WannaCry ransomware attack, demonstrate the need for strong electronic security.

A ransomware attack this week that hit Pennsylvania doctors' offices serves as another urgent reminder for practices to ensure their electronic security.

Tuesday’s global ransomware attack, the second one in as many months, infected the Sewickley, Pennsylvania-based Heritage Valley Health System with a malware virus known as Petya that crippled the entire health system, including its physician offices.

Heritage Valley was still dealing with the aftermath Wednesday, according to The Beaver County Times. For one patient, that meant her doctor dictated instructions to an assistant, who took notes on a blank sheet of paper, and patient and physician relied on memory for past medical history and medications, the article said.


Driving Engagement in an Evolving Healthcare Ecosystem

Deep-dive into evolving consumer expectations in healthcare today and how leading providers are shaping their infrastructure to connect with patients through virtual care.

RELATED: Pennsylvania health system, U.S. drugmaker hit by global ransomware attack

Meanwhile, surgeons canceled some operations for a second day Wednesday at the system’s hospital in Beaver, Pennsylvania, one doctor told The Wall Street Journal.

Dale Yakish, M.D., an orthopedic surgeon at the Association of Specialty Physicians, said while its computers were frozen, his group practice still had access to patient medical records, which are on paper. “We’ve been slow to get rid of our paper records. After this, we may be a little slower,” he told the WSJ.

Steps to protect your practice

This week’s cyberattack and others, including May’s WannaCry ransomware attack, demonstrate the need for strong electronic security.

“Sometimes the small practice physicians think they won’t be targeted because they have less information, but what we’re learning is that everyone is vulnerable because health data is very valuable,” Deven McGraw, deputy director for Health Information Privacy for the Office for Civil Rights at the U.S. Department of Health and Human Services, told Medical Economics prior to the most recent attack.

Attacks are becoming more sophisticated, and health systems must step up efforts to ensure they don’t become victims, Michael Kaiser, executive director of the National Cyber Security Alliance, told The Beaver County Times

Just like individuals, practices should continually update their devices with software patches or fixes, and use strong passwords or other authentication measures, he said. They should regularly conduct backups of their systems, so systems can be restored if ransomware or other attacks block them from accessing their computers.

While prevention is the goal, organizations also should be prepared to respond to and recover from an attack to minimize disruptions, he said.

RELATED: 3 tips for defending patient information from hacker attacks

Since they are focused on patient care and often without a dedicated staff member to handle IT, many physician offices aren’t following basic security measures, such as having up-to-date hardware and software, failing to download security patches, and skimping on security technologies, according to Medical Economics.

A security risk assessment, required by HIPAA, can help practices identify their weaknesses. Adopting strong passwords and keeping antivirus programs up to date so they catch the latest threats can also help protect patient information.

Suggested Articles

Walmart has tapped Cambia Health Solutions' Cheryl Pegus, M.D., to serve as its new executive vice president of health and wellness.

Andor Health just landed an investment from Microsoft's venture arm to expand its AI-powered virtual health program.

Google Cloud rolled out new tools and services to help providers and payers advance data interoperability in advance of upcoming federal deadlines.