Appalachian Regional Healthcare Hit with Cyber Attack, Systems Down for a Week | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Appalachian Regional Healthcare Hit with Cyber Attack, Systems Down for a Week

September 2, 2016
by Heather Landi
| Reprints
Click To View Gallery

Appalachian Regional Healthcare (ARH), a health system with hospitals in eastern Kentucky and southern West Virginia, is still in the process of trying to restore its systems following a cyber attack that was discovered Saturday, Aug. 27.

Last Saturday, ARH Spokesperson Melissa Cornett released a statement saying the health system was dealing with technical complications.

The ARH system of hospitals in Kentucky and West Virginia are operating under their Emergency Operations Plan due to a computer virus "that has limited our use of electronic web-based services and electronic communications," Cornett said in her statement on Aug. 27.

ARH operates 11 hospitals, two in West Virginia and nine in Kentucky.

On Tuesday, Cornett released a statement saying officials do not believe at this time private patient information has been compromised. “ARH continues to work with authorities and computer experts to address the problems and restore our systems to operational capacity as quickly as possible,” she stated.

“In the meantime, ARH would like to emphasize that we presently have no reason to believe that the protected health information or any financial information of our patients or employees has been accessed. Please be assured that ARH will investigate this fully, and will take prompt action to notify and protect patients and employees if it appears that their private information has been accessed.”

Since Saturday, ARH employees had been tracking patients and performing their jobs without access to any of the hospitals’ computerized systems, Cornett said Tuesday afternoon.

Cornett further stated, “ARH’s hospitals and other locations of care across eastern Kentucky and southern West Virginia remain open, and our staff is working hard to continue to provide the same level of quality healthcare to our patients while we recover from this cyber attack. We appreciate the extra efforts of our outstanding workforce, and the patience of the people we serve, as we work through the inconvenience of having computer systems out of service.”

Cornett said all ARH computers were shut down to prevent further spread of the virus and all paperwork is being managed manually. She said staff will assess all critical patients to determine if they should be transferred to another facility for care. Officials ask patients visiting a physician practice to bring all prescribed medications to upcoming appointments until further notice.

Local news station WYMT, a CBS affiliate, reported on Tuesday that federal authorities are investing the cyber attack at ARH. "A law enforcement source told CBS News that they are aware of a cyber breach at ARH. CBS News reports the incident appears to be ongoing. When asked whether it was a ransomware case, a situation in which hackers demand money, an FBI spokesman would not comment except to say ‘they cannot confirm or deny the existence or non-existence of an investigation,’” the WYMT report stated.

A number of hospitals have been hit with ransomware attacks in the past year, and the situation at ARH, with a computer virus requiring the shut-down of most of the computer systems, bears some similarity to those attacks. In February, Los Angeles-based Hollywood Presbyterian had to operate without its computer systems and without access to electronic health records for more than a week. The computer systems were only restored after the hospital paid hackers $17,000. In late March, the MedStar Health system, based in Columbia, Md., and serving the Washington-Baltimore corridor, also was hit with a ransomware attack and systems were down more than a week. MedStar Health officials denied that any ransom was paid related to the cyber attack on its computer networks.

2018 Seattle Health IT Summit

Renowned leaders in U.S. and North American healthcare gather throughout the year to present important information and share insights at the Healthcare Informatics Health IT Summits.

October 22 - 23, 2018 | Seattle


/news-item/cybersecurity/appalachian-regional-healthcare-hit-cyber-attack-systems-down-week
/news-item/cybersecurity/phishing-attack-georgia-health-system-may-have-exposed-400k-patients-data

Phishing Attack at Georgia Health System May Have Exposed 400K Patients’ Data

August 20, 2018
by Heather Landi, Associate Editor
| Reprints
Click To View Gallery

Augusta University Health System, based in Augusta, Georgia, has reported that a phishing attack on email accounts that occurred last fall may have led to the unauthorized access of protected health information (PHI) of approximately 417,000 individuals.

In a notice posted on its website, Augusta University officials said the organization was targeted by a series of fraudulent emails on Sept. 10-11, 2017. “These sophisticated phishing emails solicited usernames and passwords, giving attackers access to a small number of internal email accounts,” officials said.

A second phishing attack occurred July 11, 2018, and appears to be smaller in scope, Augusta University President Brooks Keel, Ph.D., wrote in a separate message.

Augusta University officials said that, upon recognizing the nature of the attack, security leaders took action to stop the intrusion, including disabling the impacted email accounts, requiring password changes for the compromised accounts, and maintaining heightened monitoring of the accounts to ensure that no other suspicious activity was taking place.

On July 31, 2018, investigators determined that email accounts accessed earlier by an unauthorized user may have given them access to the personal and PHI of approximately 417,000 individuals.

While the investigation verified that personal information was contained in compromised email accounts, no misuse of information has been reported at this time, Keel wrote in his message.

In some cases, patient information that may have been contained in compromised email accounts included patient names and one or more of the following: addresses, dates of birth, medical record numbers, medical information, treatment information, surgical information, diagnoses, lab results, medications, dates of service and/or insurance information.

For a small percentage, information that may have been viewed included a Social Security number and/or driver’s license number, organization officials said.

Keel also wrote that IT staff reacted quickly to contain the July 11, 2018, attack. “The number of email accounts involved in this attack is fewer than those in the September attack. The investigation into the consequences of that attack is still underway,” Keel wrote.

 In response to the incident, the organization has taken or will be promptly initiating several actions to protect against future incidents, Keel stated. Organization leadership created a new position of vice president for audit, compliance, ethics and risk management to bring “fresh leadership and direction to compliance functions.”

The organization also is implementing multifactor authentication for off-campus email and system access, reviewing and adopting solutions to limit email retention, and leadership is taking steps to implement a policy banning PHI in email communications.

In addition, Augusta University officials said the organization is employing software to screen emails for PHI or personally identifiable information (PII) to prevent them from sending, increasing employee training in preventing security breaches, and enhancing compliance-related policies and procedures.

Augusta University will offer free credit monitoring services for one year to individuals whose Social Security number was included in the compromised email accounts.

More From Healthcare Informatics

/article/cybersecurity/podcast-ahas-cybersecurity-leader-john-riggi-evolving-cyber-threats-facing

PODCAST: AHA's Cybersecurity Leader John Riggi on the Evolving Cyber Threats Facing Healthcare

August 17, 2018
by Heather Landi, Associate Editor
| Reprints
Riggi believes the cyber threats against healthcare are increasing in severity, complexity and frequency
Click To View Gallery

 

Within the healthcare industry, cyber threats are constantly evolving as the threat landscape changes, and executive leaders at patient care organizations all face the same daunting challenge of protecting information systems and patient data.

A recent report found that cyberthreats are continuing to increase and shift, and even though ransomware attacks are significantly declining, cyberattacks overall are on the rise. A Protenus Breach Barometer report found that 3 million patient records were breached in the second quarter of 2018 alone. At the same time, an IBM Security study found that the cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year. Overall, the healthcare industry continues to incur the highest cost for data breaches compared to any other industry.

Another report based on a survey of hackers uncovered some alarming results: about a quarter of hackers surveyed say they can complete a breach of a hospital or healthcare organization under five hours.

On top of all that, recent high-profile healthcare cybersecurity incidents in the past few months serve as a stark reminder that the healthcare industry continues to be a ripe target for attacks. One cyber attack on Singapore’s public health system, SingHealth, breached the records of 1.5 million people and targeted the country’s prime minister. The breach impacted about a quarter of Singapore’s population of 5.6 million people.

John Riggi, who serves in the newly created role of senior advisor for cybersecurity and risk with the American Hospital Association (AHA), sees the  cyber threats against healthcare increasing in severity, complexity and frequency. Prior to his role at AHA, Riggi spent nearly 30 years with the FBI, including in the cyber division.

Riggi dives into the evolving cyber threats facing the healthcare industry right now, including sophisitcated criminal organizations, nation-state actors and cryptocurrency mining malware. Case in point, the incident of cryptocurrency mining on healthcare networks and other critical infrastructure networks increased by 1,000 percent from late 2017 to the present, Riggi says. He also discusses the implications of recent high-profile cyber incidents such as the hack at SingHealth.

The podcast runs about 13 minutes in length. You can listen to all Healthcare Informatics podcasts right here.


Related Insights For: Cybersecurity

/whitepaper/who-can-healthcare-trust-when-ransomware-hits

Who Can Healthcare Trust When Ransomware Hits?

Please register to download


WannaCry and Petya caused business impact for several organizations and in both cases the damage was largely mitigated across the industry. This information is widely known.

What is not widely known is what the role of information sharing was between private industry and the public sector specifically between the NH-ISAC Threat Intelligence Committee members (TIC) and the HHS Healthcare Cybersecurity Communications and Integration Center (HCCIC).

See more on Cybersecurity