Preparing for the Unforeseen: How Health Systems Strategize for Severe Cyber and Natural Disasters

In the rapidly changing landscape of cybersecurity, healthcare organizations are facing a growing array of threats, with ransomware emerging as a significant concern.

Kim, a cybersecurity expert, has warned healthcare leaders to be vigilant against insider threats, ransomware, denial-of-service attacks, and social engineering. Social engineering, including the use of deepfakes, is a growing threat that requires a change in thinking and processes as we immerse ourselves further into virtuality.

This warning comes at a time when ransomware attacks are seeing a significant evolution and are expected to continue this trend. A case in point is the ransomware attack on Memorial Hermann Health System in Houston, which caused 1,300 servers to go offline in a 15-minute span, leaving the organization's Epic electronic health record system offline for four weeks.

To prepare for such extended downtime, Memorial Hermann has been conducting ransomware exercises since 2018. The aim is to evaluate how the organization can continue patient care during prolonged operational disruptions. However, the head of IT security at Memorial Hermann, despite his regular efforts, remains unidentified in the search results.

Adam Lee, director for emergency management and organizational resilience at Memorial Hermann, led a two-year effort to map critical processes across departments, identifying what each area needed to maintain operations for 30 days rather than just a few hours. This proactive approach proved crucial during the ransomware attack, as paper-based workarounds proved inadequate for the prolonged downtime of the Epic system.

Radiation oncology treatment continued during the downtime by building an isolated interim environment. Meanwhile, the nonclinical workforce of the University of Vermont Health Network, which was already working remotely due to the COVID-19 pandemic, continued their operations.

In response to the ransomware attack, the University of Vermont Health Network replaced 5,500 compromised endpoints and implemented new security tools, including CrowdStrike's Falcon EDR platform, Rubrik's immutable backups, and Zscaler for cloud-based security visibility.

Denial-of-Service attacks can be particularly problematic in healthcare, where technology is crucial for patient care. Insider threats can also pose a major risk, with individuals with trusted physical or virtual access posing a significant threat. An email believed to be from a homeowners association exposed the University of Vermont Health Network to ransomware.

In conclusion, as ransomware continues to evolve, healthcare organizations must remain vigilant and proactive in their cybersecurity measures. This includes regular exercises to evaluate extended downtime procedures, the implementation of robust security tools, and a change in thinking and processes to account for social engineering and deepfake threats.

Preparing for the Unforeseen: How Health Systems Strategize for Severe Cyber and Natural Disasters