Crozer’s Cyberattack has Disrupted Hospital Computer Systems in Several States
The computer systems within the Crozer Health System experienced a shutdown due to a cyber assault on their corporate network. This resulted in the redirection of ambulances catering to stroke and trauma patients to alternative medical facilities, alongside the adoption of paper records. A similar cyber offensive impacted the headquarters of Prospect Medical Holding, leading to a precautionary closure of access to 16 hospitals and numerous clinics.
In a parallel incident, Crozer Health faced a cyber intrusion in June 2020, necessitating the temporary suspension of its computer systems. Substantial information regarding the motive behind this incident has not been disclosed, likely to deter potential imitators.
Given their susceptibility, hospitals are at high risk of attacks, and our assessment suggests that the security team neglected the implementation of comprehensive security systems and protocols to safeguard their infrastructure. Even more crucially, the absence of well-defined systems and procedures for promptly addressing such attacks is apparent. With appropriate measures in place, the identification and swift resolution of an attack should have been feasible, potentially obviating the need for patient diversion. Had a proper plan and protocols been in effect, the incident might never have attained news coverage, instead being a topic shared exclusively among IT professionals at a conference.
WISE WORDS FROM OUR IT DEPT.
Unfortunately, there is no magic solution to protect your systems and data. You must have a comprehensive, multi-layered approach and you need to adjust for the ever-changing challenges and potential threats.
Currently, the details pertaining to the hackers’ means of entry into the system remain undisclosed. It is unlikely this information will be released, as it could serve as a guide for other malicious actors. Reading between the lines, it appears that the doctor’s office(s) may have overlooked the implementation of comprehensive security measures such as multi-factor authentication (MFA) and thorough device management across their network.
If we were overseeing this situation, we would initiate a comprehensive audit encompassing their entire infrastructure and existing security measures. Immediate enhancements to their protective measures would be paramount, including MFA, firewalls, DNS security, device management, anti-phishing filters, and comprehensive staff training. Given the contemporary surge in cybercrime, businesses must take rigorous measures to safeguard themselves and their clientele. To delve further into safeguarding your enterprise, consider consulting the two articles provided below.
Audit Cloud Environments
Monitor Remote Access
Disable Unnecessary Ports + Protocols
Patch externally facing equipment
Own IT. Secure IT. Protect IT.
Let’s Talk Managed IT and Cyber Security
We emphasize accountability and the importance of taking proactive steps to enhance cybersecurity in the workplace and at home. Altek can analyze your current infrastructure, network security, and office technology to create a plan that aligns with your company’s needs while staying within a monthly budget.