Healthcare IT Blog

Healthcare Security; Part 1: More than a Firewall

Published on 03/31/2016 by Mike Donahue
Category: Disaster Recovery, Compliance, Backup, Healthcare IT, Virtualization, Cloud Computing,

Security is a topic that has been in the news recently far too often. If it’s not the showdown between the FBI and Apple (which is a whole other conversation) it’s the latest report out of Maryland, where MedStar Health was hit with a virus that infected the hospitals computer network.  The effect, however, spread much further than just the IT department. The extended outage has made the already difficult jobs of nurses and physicians even more challenging, and more importantly, impacted patient care. One example from the article (which is linked below) details the story of a cancer patient whose radiation treatment could not be administered. For the longest time, IT staff was always that group in that back office working on the “computer stuff” and never really considered “clinical.”  Think about the world of Healthcare IT now; a computer virus has single handedly caused hospitals to have to turn away patients.

This is the most recent incident but certainly not the only, and for every story that makes headlines, there are ten that don’t. It was only February when a California based healthcare facility discovered the computer network had become infected with ransomware. This ransomware encrypted the hospitals files and withheld the encryption key unless they paid the ransom.  This was a major service interruption as it brought down the facility’s EMR for an extended period of time as they considered their options. In this particular case, the organization made the business decision to pay the ransom for roughly $17,000.00 to get the decryption code. Now, it’s important to note that the cause or entry has not been published and the attacking method is unknown…But you have to ask yourself, could this have been prevented?

Now more than ever is the time to remain vigilant. Are you regularly updating anti-virus? Is patching up to date on every server? Are the latest expectations in place? Are my backups completing nightly? Have they been tested?  These are just a few questions that need to be asked by hospital executives and administrators.

This topic is something which every organization needs to be on the lookout for. I was recently reading a blog article by a major anti-virus vendor; they predicted that 2016 will be the year of extortion. More hackers will attempt to infiltrate your environment not for the sole purpose of being destructive, but now for financial gain as well - giving organizations an ultimatum to pay or remain infected. A major concern that I now have is with the media coverage and public nature of the incident in California, especially where the ransom was paid, this is going to encourage future hacks.

As technology becomes more vital to healthcare organizations, protecting it needs to be a #1 priority. This point carries past the traditional security of anti-virus and firewalls but ensuring successful backups as well.  If you were infected, would you be able to restore from backups?

Security is a preventive measure and I’m sure most people can understand, in the world of healthcare IT, preventive is a word we don’t get to use as often as we’d like. The time is now to start the transformation of your organization.

MedStar Washington Post Article.


Mike Donahue

Managing Director, Technical Consulting