CommonSpirit’s ‘IT security incident’ was a cyber attack, security experts say | Techno Glob

This audio is automatically generated. Let us know if you have feedback.

An “IT security incident” reported this week by CommonSpirit Health, one of the nation’s largest health systems, is a cyber attack, security experts said.

CommonSpirit announced Tuesday that an unspecified security incident is affecting multiple areas and disrupting access to electronic health records. Due to this incident some systems have been taken offline as a precautionary measure, the system said.

When asked if the incident was a ransomware attack, CommonSpirit spokesman Chad Burns said Healthcare Dive said via email Wednesday that the system was unable to provide further details.

Burns did not respond to an emailed request for more details about the incident by the time of publication.

Some of CommonSpirit’s facilities in Chattanooga, Tennessee, have moved some systems including electronic health records offline, according to a statement from CHI Memorial, which operates two hospitals in the Chattanooga area.

Some patient procedures have been rescheduled due to the incident, CHI Memorial said in a statement.

Some details have led to some speculation on the nature of the Chicago-based security incident common spirit Health, moving systems offline and disrupting electronic health records is seen as a defensive move, security experts told Healthcare Dive.

It is possible that “an attacker has access or is trying to access their system and they want to do whatever they can to prevent it. So what’s the easiest way to do it? Unplug everything,” Ali said MelenSenior analyst of security and risk at Forrester, a research and consulting firm for various industries.

Hospitals operated by CommonSpirit in Iowa, Washington, Texas and Nebraska have also been affected by safety concerns since problems were first discovered in Chattanooga.

Some hospitals were forced to use paper charts and some diverted ambulances for short periods.

In Iowa, the Des Moines Register reported that ambulances were briefly diverted Monday to MercyOne Des Moines Medical Center, a CommonSpirit facility, and other emergency rooms.

In Washington, the Kitsap Sun reports that the inability to access electronic health records has forced providers to use paper charts.

If there is a possibility that someone has gained access to the system, it would be common for a healthcare organization to revert to paper systems, or in this case paper charting, said Rob Hughes, RSA’s head of security and risk. RSA works with healthcare organizations to secure their users’ identities and manage access to their IT systems.

“My expectation is that if you have a security program, it will be related to the attack,” he said. “You would expect with a security event or a security incident that someone might do something they shouldn’t have or they shouldn’t.”

John Riggi, who advises the American Hospital Association on cybersecurity and risk, declined CommonSpirit Health offered their input on the cyber attacks, to comment directly on the incident.

“Typically, when we’ve seen disruptive cyberattacks … one of the defensive measures to prevent the spread of malware is to disconnect affected technologies, services, electronic medical records,” said Riggi, who is a former FBI division chief. Monitoring cyber issues.

Riggi added that the preventive measure is to “quarantine the infected patient”.

The worst-case scenario is a ransomware attack, when attackers gain access and encrypt systems, demanding a ransom from organizations in exchange for encryption keys.

“This is a very common type of attack because private health information is a very expensive commodity,” Hughes said.

Hospitals collect a lot of information from patients, from Social Security numbers to medical diagnoses and addresses, and centralize it in one place, Forrester Mellen said.

Attackers know that hospitals “will feel the pain of these types of attacks” because they need to operate every hour of every day, Mellen added.

Source link