Article excerpt provided from the Nov/Dec CHIA Journal. Read full articles and more in the online version here.
Health Care Under Attack:
How to Protect California's Patients
Hospitals From Ransomware
By: Chris Bowen, MBA, CIPP, CIPT, CISSP, CCSP
The medical records of Californians are protected under some of the strictest privacy laws and data breach reporting requirements in the country. Yet despite this stringent regulatory framework, California health care organizations have proven to be just as susceptible to data breaches as those in other states. In fact, health care data breaches are the third leading breach type in California, according to the 2016 Data Breach Report from California's Attorney General.1 The report also found that medical information and social security numbers, both found in patient medical records, were breached more than any other data types.
Already such breaches can spell years of trouble for patients as they fight to reclaim their stolen medical identities. With the rise in ransomware attacks on hospitals, we can expect data breaches to jeopardize patient safety even more. In just one example, when ransomware shut down critical systems at Hollywood Presbyterian, emergency room patients reportedly had to be diverted to another hospital altogether.2 Seemingly left with little recourse, the hospital forked over ransom money in exchange for access back to its systems.