BY: REBECCA ADELMAN

Cyber attacks on health care organizations have increased in recent years. According to expert reports, health care organizations suffered the highest number of data breaches in 2018 - more than any sector in the U.S. economy. You may be aware of “ransomware” attacks on hospitals and health care providers.

For example, DCH Health System in Alabama paid an undisclosed ransom to hackers to unlock its IT system after three of its hospitals were attacked in October. The affected hospitals turned away new patients and canceled several scheduled surgeries.

Protected Health Information (PHI) of more than 300,000 patients of the physician group Premier Family Medical in Utah was compromised in a ransomware attack in September. The incident barred access to patients’ data and other network systems.

Hackers infected Grays Harbor Community Hospital and Harbor Medical Group with ransomware and demanded a payment of $1 million to unlock patient files. Washington-based hospitals also faced downtime issues. According to the reports, the attack was triggered after an employee clicked on a malicious link containing ransomware.

Around 120,000 Health Alliance Plan patients’ personal and medical data breached after a ransomware attack hit its third-party vendor Wolverine Solutions Group. The compromised data included patients’ names, addresses, dates of birth, Social Security numbers, insurance contact details and numbers, medical data and phone numbers.

A ransomware outbreak has besieged a Wisconsin based IT company in November that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business but also to the untimely demise of patients.

Virtual Care Provider Inc. (VCPI) provides IT consulting, Internet access, data storage and security services to some 110 nursing homes and acute-care facilities in 45 states. All told, VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities. Click here for the full story that is worthy of reading for all long-term care providers and their IT service companies.

Why are health care organizations considered to be easy targets? They frequently don’t have the elaborate network security and backup systems that are the norm at larger companies. Health care, in general, tends to lag behind other consumer sectors in terms of IT sophistication, even more so in long-term care.

Given the rise in ransomware attacks, it’s vital that your long term care organization start preparing now. Here are three vital steps:

1. Educate yourself about the risks. The rate of attacks is growing rapidly and health care companies are in the crosshairs. Don’t wait until it’s too late to protect your company.

2. Ensure your IT organization has a defense plan. Comprehensive backups at the most useful protection, but your IT organization should have a detailed plan for protecting individual PCs and users. A strategic plan for shutting down an attack should one occur is recommended as well.

3. Educate employees about the dangers. Employees are often weak links in the security chain. Educate your staff about the risks of opening email attachments and links, installing questionable software or providing sensitive information to anyone via email.