
Why providers’ biggest cybersecurity risk could be their vendors

March 28, 2018 | DD.Aubuchon | News, Technologies | breach, cyber-security, ransomware

When Hancock Health was hobbled by ransomware, it wasn’t for the usual reasons. No one had clicked a suspicious link in a phishing email. It had its system fully backed up and recoverable.

The attack came from an outside vendor. Hackers stole credentials from one of Hancock Health’s hardware providers, then targeted the hospital’s backup site.

They delivered the ransomware via the connection between the backup site and the hospital’s main site server farm, compromising the backups, the connection and the hospital’s records.

After consulting with their cyber-security partner, Hancock Health paid the attackers about $55,000 in bitcoin, which was cheaper than fixing its system on its own, and it still took over three days for everything to return to normal.

Looking at the series of events, three major takeaways immediately jump out from Hancock Health’s ransomware attack and recovery.

By taking the following steps, a healthcare organization could avoid a similar fate.

Keep backups separate through segmentation
Maintaining backups is of course key to defeating ransomware. If an organization is able to quarantine the infected machines, it can simply wipe them and reimage them from backups without having to pay a cent in bitcoin.

The trick, of course, is keeping backups clean. In a flat network like the one at Hancock Health, everything’s accessible at the same level. Hackers with access to the backups were able to get access to the main data center. Had the backups been segmented, the criminals still would have disrupted the hospital’s operations, but the recovery could have been quicker and easier.

By putting up firewalls with strict filtering between different network segments, an organization can quarantine an attack from backups. With properly segmented networks, it can just close off the infected segment and reimage the infected machines.
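
The difference between a flat and a segmented network can be checked by modelling the firewall policy as a list of allowed flows and asking what a compromised segment can reach. The sketch below is an added example, not part of the original article; the segment names and the allowed flows are assumptions chosen to mirror the vendor, backup site and server farm described above.

```python
from collections import deque

# Hypothetical segment names, modelled on the path described in the article.
SEGMENTS = ["vendor_access", "backup_site", "server_farm", "clinical_workstations"]

# Flat network: every segment may open connections to every other segment.
FLAT = {(a, b) for a in SEGMENTS for b in SEGMENTS if a != b}

# Segmented network (assumed policy): each pair is (initiator, destination).
# Production pushes backups out; the backup site may not initiate anything
# toward production, and the vendor only reaches the equipment it supports.
SEGMENTED = {
    ("server_farm", "backup_site"),
    ("clinical_workstations", "server_farm"),
    ("vendor_access", "backup_site"),
}

def reachable(allowed_flows, start):
    """Segments reachable from `start` by chaining allowed flows (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for a, b in allowed_flows:
            if a == src and b not in seen:
                seen.add(b)
                queue.append(b)
    return seen - {start}

def exposed(allowed_flows, compromised, protected):
    """Protected segments an attacker in `compromised` could reach."""
    return sorted(reachable(allowed_flows, compromised) & set(protected))

if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        for foothold in ("vendor_access", "backup_site"):
            hit = exposed(policy, foothold, ["backup_site", "server_farm"])
            print(f"{name:9} foothold={foothold:13} exposed={hit}")
```

Running the same check against an exported rule set after every firewall change turns "are the backups still isolated?" into a repeatable test rather than an assumption.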

Manage vendors with an eye toward security
No matter how much ransomware training is provided to employees, and no matter how many internal processes are in place, one vulnerable vendor can still leave an organization’s systems open.

Was that Hancock Health vendor categorized as a critical service provider? How much due diligence was conducted when reviewing its security posture? Was there a plan to break the kill chain in case the vendor was compromised?

A supply chain affects an organization in many ways, and one of the most commonly overlooked aspects of any relationship is cybersecurity. Now more than ever, organizations need to thoroughly vet partners that have sensitive access to their systems and keep close tabs on who has credentials.

Another caveat is that an organization’s systems don’t even have to be affected. When vendors shut down from a ransomware attack, an organization can still lose essential services. Allscripts had several applications knocked offline after ransomware gripped two of its data centers, affecting a variety of healthcare providers.

While the company hustled to get back online, customers had to make do without the infected applications. Always think through a contingency plan for when a critical partner is at the receiving end of an attack.

Expand cybersecurity partnerships
While vendors can cause attacks, they can also prevent them.

The Hancock Health attack confirms the need for pre-arranged partnerships with industry experts to assist during crisis situations. A hospital only has so much resident cybersecurity expertise. After all, its mission is delivering quality care that improves patient outcomes, not thwarting ransomware.

By striking up a relationship with a specialized cybersecurity firm, Hancock Health got quick access to threat mitigation and disaster response services.

Finding such a firm before an attack occurs can allow you to test procedures and resiliency regularly. By conducting mock data breach exercises, an organization can identify and address any gaps before they’re exploited.

In addition to uncovering potential vulnerabilities, like lack of segmentation, an outside firm can limit the damage after an attack and ultimately get an organization up and running faster.

The longer it takes to fully recover from an incident, the costlier it can become, and in healthcare especially, any delay can cost lives.

While many ransomware attacks are the result of phishing emails and unsuspecting employees, those are not the only way hackers can paralyze your systems. Any outside vendor that has access can unwittingly become the source of malware.

Medical Document Services of Kansas, LLC (MDS) is a Wichita, Kansas healthcare document service specializing in Medical Billing, Medical Transcription, Scribe Services, and AzaleaHealth EHR.   We provide efficient, accurate, affordable quality services for hospitals, clinics, and facilities of all sizes.   Call 866-777-7264 today, or visit our website for more information.  We have education programs in Medical Scribe Specialists. #MedicalTranscription #AzaleaHealthEHR #RevenueCycleManagement #MDSofKansas #MedicalBillingService #MedicalScribes
