The Health Insurance Portability and Accountability Act (HIPPA) website provides a journal of reports on technology impacts on healthcare provision and cyber-attacks. On 17th November 2021, a report argues that the Protected Health Information of about 127,800 patients may have been compromised after a ransomware cyber-attack, according to a notification received by the Maine Attorney General. NorthCare, a mental clinic in Oklahoma City, was attacked in June 2021, putting the information about the patients at risk. Further investigation reveals the hospital network system had been breached earlier, 29th May 2021, before the actual attack on 1st June.
The attackers infected the files with ransomware that prevented access to the patients’ files and demanded payment to decrypt the files. Fortunately, the hospital could recover the data from their backup systems without paying the attackers. However, they could not prevent the files from being interfered with. The assumption is that they had access to personal and private data (“HIPAA breach news,” 2021). Necessary measures have been put in place to monitor and track identity theft and fraud cases if the patient’s personal information is leaked or used outside.
Interestingly, the hospital’s system was breached and took a few days before an alert was sounded. It seems that the attackers had time to quickly gather data and any information they needed before encrypting the files and asking for a ransom (McDermott et al., 2019). There should have been an alert system to detect a breach immediately. Potentially, at the sound of early detection, not all the data would have been accessed by the hackers.
I have learned that systems that are still vulnerable to cyber-attacks require security and network protocol. Hospitals should strive to build better technological systems that cannot be breached. Hospitals need to ensure that tight security measures are put into place. For example, an alert alarm or system goes off if a data breach is detected to avoid similar cases. I have ascertained that hospital personnel in charge of these systems should be equipped with information on cyber-attacks for them to be able to prevent such kinds of attacks. Furthermore, I have identified that it is important to keep backup data for when comparable attacks happen.
References
HIPAA breach news. (2021). HIPAA Journal. Web.
McDermott, D. S., Kamerer, J. L., & Birk, A. T. (2019). Electronic Health Records: A literature review of cyber threats and security measures. International Journal of Cyber Research and Education IJCRE, 1(2), 42-49.