VIDEO: How to prepare hospitals for ransomware attacks
John Gaede, director of information systems, Sky Lakes Medical Center, Oregon, discusses how hospitals should prepare for possible cyberattacks. Gaede speaks from experience after his own hospital was hit by a ransomware attack in 2020 that took down their entire network. Because of a backup system, the system was able to get back up and running within a month.
"I would say the experience was very much like a person getting hit by lightening," explained Gaede. "It happens, but no one gets into their car in the morning on their way to work thinking they are going to get hit by lightening. It's the same thing with ransomware attacks."
According to Gaede, hospital IT departments might want to think more about what they can do to prevent or mitigate these types of attacks. He also noted that cyberattacks on healthcare organizations is the fastest growing area for such attacks across all industries.
Gaede said bad actors want to encrypt data so they can hold it hostage and ransom it for payment. The criminals also want to exfiltrate the organization's data so it can be used elsewhere for malicious purposes. Gaede said the way to recover from these types of attacks is to have really strong data backups.
"Sky Lakes bought a new backup system a year before the attack for efficiency, and did not know we also got a ransomware protection package," he said. That ended up being key to speeding their recovery with minimal loss of patient data.
To prevent exfiltration of health system data or ransomware attacks, he said health systems need both automated detection, possibly using artificial intelligence (AI), to monitor systems for possible signs of an attack. But this also needs to be done with human watchmen to monitor data systems traffic on a 24-hour a day, 365-day a year schedule.
"The No. 1 thing we learned was that we worked downtime out of our processes, because we had been on automated electronic medical record processes for 18 years," Gaede said. "During the ransomware attack, we lost all of that. So, how do you get an order down to an emergency department, or how you you get those things you had always put into tubes back to a lab and you realize you now need runners? We worked all the downtime and runners out of our systems."
He said emergency plans worked for a short time, but it was a shock to everyone in the health system when they suddenly had to go back to a paper-based system they had not used for nearly two decades. The system began breaking down after 72 hours.
"It broke down because of simple things, like having enough paper prescription pads to write medication orders, things like that," Gaede explained. "So hospitals need to think about the long-term effects of not having access to your system, because the potential harm to patients is extremely high."
He said his hospital was lucky it did not have to pay a ransom because it did have a backup system. He also said there were no reports of patient harm, but it easily could have happened in the disarray of a cyberattackand the disruption to workflows it causes.
Find out more details on this cyberattack in the VIDEO: How radiology was restored after a ransomware attack at Sky Lakes Medical Center in Oregon.