Cautionary Tale: Health System Victim of ‘Breach Season’
Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe NowA founding partner of an Indianapolis-based digital security consulting company is warning businesses to be aware of a busy time of year for data hacking schemes. Ron Pelletier with Pondurance says February through April is considered "breach season," when intrusions jump, in some cases, 80 percent to 90 percent. During an interview in the Business of Health, Hancock Regional Hospital Chief Executive Officer Steve Long joined Pelletier with his cautionary tale of a January ransomware situation that gripped the health system.
Long discussed Hancock Regional’s decision to pay what the hackers demanded. "There were three things we had to know," said Long once the ransomware situation was presented. "One: were out patient’s safe, because so much clinical equipment is now integrated in information systems? So, we satisfied that idea really quickly. And then, could we understand what happened and how do we protect patient information? Then thirdly, how do we quickly get back up to speed? Only two ways to do that: either you backup and restore from the backups or you purchase the decryption keys or you pay the ransom. That’s where we brought these guys in, because they were professionals in this area. They brought the insight, the information, the expertise that allowed us to make a good decision at the time."
Long said the attack was not triggered by an email phishing scam, but a targeted attack from a criminal enterprise. "When you start to think that there are actually out there to get folks like us, you know, it really gives you a pause," he said.
Pelletier says his main message is for businesses to not remain static when it comes to a digital defense strategy. "The reality is," he said "as the outside actors — the attackers — get more sophisticated, they find ways to circumvent that technology, then that is them upping their game. And so, your adversary is a human. If you don’t think like a human in your defense, chances are, your defense is not going to be enough."