Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Rate Of Healthcare Ransomware Attacks Falls In First Half of 2018

Posted on July 12, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Most research I’ve read lately suggests that the rate of healthcare cyberattacks is at an all-time high, and that ransomware is leading the parade.

But is that really true? Maybe not. A new security report has concluded that the rate of ransomware attacks on healthcare organizations actually fell during the first half of this year, and what’s more, that such attacks trended lower during the same period.

The study, which comes from security firm CryptoniteNXT, notes that cybercriminals target healthcare because they can fetch great prices for the data by reselling it on the dark web. Also, given the complexity of healthcare networks and the high number of vulnerabilities in those networks, thieves see providers as a fat and easy target.

However, when it comes to ransomware, the landscape may be changing. CryptoniteNXT found that the number of ransomware attacks impacting over 500 patient records dropped from 19 major data breaches in the first half of 2017 to 8 major breaches in the first half of 2018. That’s an impressive 57% decrease.

The biggest reported records IT/hacker-driven breach hit LifeBridge Health, affecting 538,127 individuals. Other organizations targeted included academic medical centers, medical practices, ambulatory surgical centers, health plans and government agencies.

Meanwhile, the rate of ransomware attacks as a percentage of IT/hacking events has fallen substantially, from 30.16% during the first half of 2017 to 13.6% during the first half of this year.

On the other hand, the volume of patients affected has climbed. Roughly 1.9 million patient records were breached in the first half of this year, compared with 1.7 million records the first half of 2017 and 1.8 million records the second half of that year, it concludes.

Also, the report notes that ransomware attackers are far from done with the industry. The authors say that ransomware will still pose a “formidable threat” to healthcare organizations and that new variants such as AI-based malware will pose a major threat to healthcare organizations for the next couple of years.

To fend off hacking attacks, CryptoniteNXT recommends adopting new best practices such as moving target cyber defense and network micro-segmentation, which can address the inherent weakness of TCP/IP networks.

Did hospital “kidnap” patient who wanted to leave?

Posted on September 2, 2010 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

 

Hospital? Or prison?

 

OK folks, I don’t know any more about the following story than you do, but if true, it’s an absolutely insane breakdown in hospital systems — one, I’d argue, that might not have happened in a hospital which had its, uh, finances and operations together.

The beginning of the tale sounds pretty routine. Apparently, Joseph Wheeler and his wife Felicia Ann, both in their mid-40s, were in a car accident in June and brought to Cheverly, MD-based Prince George’s Hospital.  In theory, this should have been a relatively simple case, as neither was gravely injured.

Now, let’s take a pause. Prince George’s is part of the Dimensions Healthcare System, a financially troubled institution which brought on a new CEO and an interim EVP  last month. The system, which has been forced to accept funding from the state in the past, expects to begin a restructuring plan in coming weeks.  It’s also looking for capital sources, natch.

So, back to the Wheelers.  Joseph Wheeler spent the night of June 23rd at the hospital, being treated for blunt torso trauma without other acute injuries.  The next morning he wakes up, finds a woman’s ID badge on his wrist, and is told he’s getting surgery “to have a potentially cancerous mass removed from his chest,” according to ABC News.   Need I tell you that he freaked out?

Well, all hell broke out at that point, according to the Wheelers, who have since filed a $12 million lawsuit against the hospital for false imprisonment, assault and battery and infliction of emotional distress.  According to Mr. Wheeler, he couldn’t get hospital staff to take an interest in the fact that the badge was for a woman 13 years younger than himself, so he and his wife decided to leave. 

Unfortunately, when they tried to leave the campus, they were accosted by security guards with a big chip on their shoulder. Two guards cursed the two out, then beat Mr. Wheeler severely, while attempting to take the incorrect ID bracelet away from him, the suit claims.  Ultimately, the facility let him go when Wheeler signed a form admitting he was leaving against medical advice.  He was treated at a nearby hospital with several new injuries, his suit recounts.

So, is this just an unbelievable aberration?  Has the financial strain the hospital faced left it with scared, poorly trained employees who simply got out of control?  What do you think?

Tweet roundup: Data loss at Thomas Jefferson, med records found in dump

Posted on August 15, 2010 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Happy weekend!  Here’s a group of tweets from the past few days that might be worth a second look.  If you have tweets you’d like to see in our roundup please feel free to share them.

Cheers,

Anne Z.

____________________________________________________________
Tweets for the week of 8/8/10

> @idtexpert #Medical #IdentityTheft Alert: Huge loss of patient data at Thomas Jefferson #University #Hospital in #Philadelphia ; http://bit.ly/dsTWhd

> @drchrono patient med records found in a Boston dump! sounds like yet another good reason to get an EMR: http://bit.ly/bOEPCP #emr

> @hcapr Regional Med Ctr of San Jose Uses Pocket-Sized Handout to Improve Quality Scores: http://tinyurl.com/2cp7ph2 #HCA #hospital #cms #healthcare (Hey, I’m intrigued; how about  you?)

> @ShigeoKinoshita RT @ingagenetworks: 3 ways to increase engagement and revitalize your healthcare system http://bit.ly/98Fe7s #hcsm #health20

> @AndrewPWilson: CDC Gateway to Health Communication & Social Marketing Practice http://bit.ly/b4udxS #gov20 #health20

> @HealthYRc Lone bedbug sends Kings County Hospital ER into fumigation lockdown – #New #York #Daily #News#Hospitals#Health > http://bit.ly/bSFMlS

> @HealthYRc It’s easy to buy babies at govt hospitals – #Times #of #India#Hospitals#Health > http://bit.ly/ddRmdH (ED: Sounds outrageous but check out the story)

Video: Violence at an NYC hospital

Posted on June 13, 2010 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

 Knowing hospital violence is getting worse may be discomfiting — but it’s easy to say “that only happens to other facilities.”  So here’s a more visceral way to take in the message.

In this video, a local television station offers a report on the escalating violence faced by New York City’s St. Barnabas Hospital.

Sure,  St. Barnabas is an urban hospital in the Bronx. And maybe the crime rate in its catchment area is higher than, say, a cushy suburban neighborhood.  But violent people are everywhere.

So, here way have another reminder to take action. What can hospitals do, today, to keep their facilities safe?

Joint Commission warns about rising hospital violence

Posted on June 12, 2010 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

As those of you who follow this blog know, I recently gave a severe thrashing to a hospital which got security all wrong. That hospital, based in the Las Vegas metro, attempted to prepare staffers for violence by sending an armed man in, unannounced, to conduct a ficitious terrorist attack on the staff. (Yeah, brilliant.)

Foolish behavior like the above aside, no one questions that hospital violence is a real and growing problem.  The most recent authority to weigh in is no other than the Joint Commission, which notes in its latest Sentinel Event Alert that hospitals “are being confronted with steadily increasing rates of crime, including assault, rape and murder.”  Extremely sobering stuff.

The standards group has developed a list of 13 steps hospitals can take to prevent violence in their facilities, such as doing a thorough risk assessment for your facility, putting extra security precautions in place in the ED and doing careful background checks on potential employees.  My guess is that while most hospitals are taking some of these steps, few have developed a really comprehensive program like the one the Joint Commission has in mind.

You don’t have to be a security expert to conclude that hospitals need to confront this issue. But striking the right balance is going to be a serious challenge;  after all, if your hospital’s security checkpoint resembles that found at the local airport, patients may well go elsewhere.  All in all, there’s no easy answers here.

If you want security, don’t aim a gun at your staff

Posted on June 9, 2010 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Folks, I’m almost at a loss for words here, so I’ll just shoot.  Read, with astonishment, this item below from the Las Vegas Sun:

An off-duty cop pretending to be a terrorist stormed into a hospital intensive care unit brandishing a handgun [last week], which he pointed at nurses while herding them down a corridor and into a room.

There, after harrowing moments, he explained that the whole caper was a training exercise. (Ed.: Emphasis mine)

Apparently, the hospital intended this to be a terrorism-preparedness exercise. But it didn’t go over well, to say the least. The staff at Los Vegas-based St. Rose Dominican Hospitals-Siena Campus, as the Sun reporter wryly puts it, ” found the exercise more traumatizing than instructive.”

If there’s a more half-assed way to respond to potential threats, I can’t imagine what it is. Not only does it scare the bejeezus out of the staff, it could easily distracted them from getting back to their real jobs, i.e. keeping people alive. Do patients in an ICU really deserve to be treated by terrified caregivers who have just been jolted out of their wits? Good Lord!

Please understand, I’m not here to trivialize concerns about hospital violence. It’s clearly a serious issue, especially in the hospital’s 24-hour, open access ED.

A 2009 study by the Emergency Nurses Association found that more than half of nurses reported experiencing physical violence on the job, and that one in four had experienced such violence more than 20 times in the previous three years.

Another study, published by the American College of Emergency Physicians’ Annals of Emergency Medicine in 2005, found that nearly three-quarters of 171 Michigan physicians surveyed experienced a verbal threat in the last year, and 28 percent were victims of physical assault in the same time period.

This statistics are terrifying, truly, and must be addressed if hospitals want to do their business well. But I think most professionals would agree that fake terrorism isn’t a strategy.

So what of the Los Vegas hospital?  Why did it conduct what, in retrospect, was clearly a mindbogglingly stupid experiment?  My guess is that hospital administrators thought this would be cheaper than paying for real training . (Maybe someone at  Blackwater owed them a favor?) Or that maybe they were so ignorant that they thought highly-trained professionals in a tense situation were asleep at the wheel.

Regardless, this kind of thoughtless tomfoolery can only distract professionals from noticing real threats.  If someone ever does show up with a gun, whose fault will it be if they think it’s an exercise?