BreachExchange mailing list archives
MedStar Cyber Attack Shows Need for HHS to Implement Cybersecurity Law
From: audrey () riskbasedsecurity com (Audrey McNeil)
Date: Wed, 30 Mar 2016 17:54:55 -0600
http://hitconsultant.net/2016/03/30/medstar-cyber-attack/ The FBI is investigating a Monday cyber attack by anonymous hackers that forced MedStar Healthâs 10 hospitals and more than 250 outpatient centers to shut down their computers and email. After the cyber attack was discovered, the provider immediately made the decision to take down all of their systems as a precaution to ensure further security breaches. The Washington, D.C.-based healthcare system employs more than 30,000 people and treats hundreds of thousands of patients in the Washington region. The incident follows similar cyber attacks targeting at least three other medical institutions in recent weeks. âMedStar acted quickly with a decision to take down all system interfaces to prevent the virus from spreading throughout the organization,â spokeswoman Ann Nickels said in a statement on Monday. âWe are working with our IT and cyber-security partners to fully assess and address the situation. Currently, all of our clinical facilities remain open and functioning.â On Tuesday, it was reported that MedStar patients were being turned away or treated without access to the patientâs EHR. By Tuesday evening, MedStar staff could read â but not update â thousands of patient records in its central database, a spokeswoman said. MedStar Cyber Attack Shows Need for HHS to Implement Cybersecurity Law The chairman of the Senate health committee said the MedStar cyber attack shows the need for the U.S. Department of Health and Human Services (HHS) to implement cybersecurity legislation passed by Congress âwith the urgency patients and hospitals deserve.â âThe consequences of cyber attacks like yesterdayâs hacking at MedStar Health can be catastrophic for Americaâs patientsâimagine, an attack leaving doctors unable to access crucial information in a patientâs health history or delaying a surgery for hours on end,âChairman Lamar Alexander (R-Tenn.) today said. âCongress has passed a law to help keep hospitals and patients safe from these malicious attacks â calling for Health and Human Services to give hospitals and doctors clear information on the best ways to prevent a hack in the first place and putting someone at the agency on the flagpole if a cyber attack occurs. Yesterdayâs attack, which, unfortunately, is not unique, shows the need for HHS to implement the law with the urgency patients and hospitals deserve.â The attack on MedStar Health forced the hospital chain, which serves hundreds of thousands of patients, to shut down its email and health records database in an effort to keep the virus from spreading further throughout the organization. Yesterdayâs incident follows similar cyber attacks targeting at least three other medical institutions in recent weeks. Cybersecurity Information Sharing Act of 2015 Last year, the Senate health committee authored a provision, which passed as part of the Cybersecurity Information Sharing Act of 2015, that would help protect the health care industry from cyber attacks by: â Charging HHS and its subdivisions with naming an official who is responsible for leading the agencyâs cybersecurity effortsâto coordinate response and so health organizations will know who is in charge of offering guidance and support; â Requesting that the agency issue a report on emerging cyber threats in the health care industry, so both the agency and the American public have an accurate picture of the impact of these attacks; â Creating a task force of health industry leaders and cybersecurity experts to identify the biggest challenges in securing against cyber threats and recommend specific solutions to the agency; â Charging the task force to create a central resource to distribute cyber intelligence from the federal government to health care organizations in near real time, so they can rapidly respond to active threats; and â Instructing HHS to create a series of best practices for health industry leaders to followâon a voluntary basisâto help them keep their organizationâs data as secure as possible. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160330/4ce2dc3d/attachment-0001.html>
Current thread:
- MedStar Cyber Attack Shows Need for HHS to Implement Cybersecurity Law Audrey McNeil (Mar 30)