What can hospitals learn from the Kansas Heart Hospital breach?

It’s a story similar to many others that have been taking place over the last few years. Employees and executives come into their place of business like any other day, only to realize that the critical data they need to do their jobs is locked away under the watchful eyes of cybercriminal encryption.

Kansas Heart Hospital’s ransomware experience was an echo of many other companies’ breach narratives at the beginning; however, this story took a turn for the worse. While an unfortunate incident for the hospital, this case does shine a bright light on some valuable lessons that the health care industry as a whole should take note of.

What exactly happened?

Kansas Heart Hospital is just the most recent victim in a long line of data breaches that have taken place in this sector. According to HealthcareITNews, the health care institution was hit with a ransomware infection that left employees without access to certain important information until a ransom – typically requested in the form of untraceable Bitcoin – was paid. While the exact amount was not specified, Kansas Heart Hospital president Greg Duick confirmed that the organization did send money to cybercriminals, noting that it was only “a small amount.”

However, instead of the files and data being unlocked as promised, Kansas Heart did not regain access to its information after the ransom was paid.

“Kansas Heart Hospital discovered that paying a ransom does not necessarily result in viable decryption keys being provided,” HIPAA Journal noted. “Rather than supplying the keys to unlock the data as promised, the attackers decided to try to extort more money from the hospital and a second ransom demand was issued.”

Instead of sending additional funds, however, Duick and other hospital executives elected not to pay this subsequent ransom.

“[T]he policy of the Kansas Heart Hospital in conjunction with our consultants, felt no longer was this a wise maneuver or strategy,” Duick said in a statement, according to HIPAA Journal.

Ransomware attack: The aftermath

So where does this leave the hospital, its patients and its critical information? As one can probably guess, the hackers responsible for this attack – which Duick thinks is an offshore operation, HealthcareITNews noted – did not unlock the institution’s files or data. Currently, the hospital is working to restore this information from its backup files.

“Kansas Heart Hospital did have a ransomware emergency plan in place which was triggered following the attack, although not before the infection had spread,” HIPAA Journal reported.

Duick noted that even with this set of procedures in place, the infection still managed to become “widespread throughout the institution.”

Lessons learned: Takeaways for the health care industry

By no means was Kansas Heart Hospital the first victim of its kind, and it surely will not be the last. If the rash of ransomware attacks that have taken place over the last few years has taught us anything, it’s that any organization in any industry – particularly health care – can fall victim to an attack that results in a data breach.

However, this case does provide a few key lessons that other hospitals should pay close attention to, including:

Image caption: During a ransomware attack, hackers use encryption to prevent authorized access to important data and files.

  • Having a plan is important: Kansas Heart Hospital did have an emergency plan in place, which is best practice in the current data breach environment. Health care organizations should be prepared for such an incident, and never operate under the assumption that this type of scenario won’t take place at their institution.
  • A quick response is key: Oftentimes, before the overt signs of infection appear (i.e., a locked screen with a ransom demand), hackers work in the background of the network and internal systems to prepare for the actual attack. It’s critical that whenever any type of suspicious activity is observed, it is reported to the IT team and addressed. What’s more, it’s never too early to launch a response plan. As Kansas Heart’s example shows, a late response can result in a more widespread infection.
  • Backing up critical information is essential: Thankfully for Kansas Heart, the hospital had backups of its critical information that it could draw from after the attack. The importance of having these backups cannot be overstated, as they can spare an organization from having to even consider paying a ransom. With securely protected backups in place, the attackers lose most of their leverage.
  • Put protection in place beforehand: It’s also critical for hospitals to have industry-leading protection measures in place before an attack ever occurs. One of the most important best practices here includes the use of a robust firewall that can guard against unauthorized access, helping to block infections.
  • Work with an expert solution provider: Duick noted that Kansas Heart Hospital worked with an expert consultant after the attack, helping the institution reach the conclusion that paying a second ransom was not wise. This illustrates the importance of partnering with an industry-leading, knowledgeable solution provider that can help ensure that your organization has everything it needs to remain protected.
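The backup lesson above has a practical corollary: a backup is only useful if you can prove it is intact before you restore from it, because ransomware that reaches a backup share will corrupt or rename those copies too. The following Python script is an added illustration of that check, not code from Kansas Heart Hospital, HIPAA Journal or any vendor mentioned here. It records a SHA-256 manifest when a backup is taken, marks the copies read-only, and later compares the backup against the manifest, reporting files that were modified, removed or added. Every path and record in it is constructed in a temporary directory; the manifest location and the "patient_*.txt" names are assumptions made for the demonstration.

```python
"""Backup integrity check (added example, not the hospital's or any vendor's code).

Demonstrates the 'verify before you trust the backup' step: a manifest of
SHA-256 digests is written at backup time and checked before a restore.
All files here are constructed sample data in a temporary directory.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large records do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): file_sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def take_backup(source: Path, dest: Path) -> Path:
    """Copy the source tree to dest, write a manifest beside it, and make the copies read-only.

    In production the manifest (and ideally the backup itself) should live on
    storage the production network cannot write to; here it sits next to the
    copy purely so the example is self-contained (assumption).
    """
    shutil.copytree(source, dest)
    manifest = build_manifest(dest)
    manifest_path = dest.parent / (dest.name + ".manifest.json")
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    for p in dest.rglob("*"):
        if p.is_file():
            p.chmod(0o444)  # read-only: raises the bar for casual overwrites
    return manifest_path


def verify_backup(dest: Path, manifest_path: Path) -> list:
    """Return a list of problems; an empty list means the backup matches its manifest."""
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(dest)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in actual:
        if rel not in expected:
            problems.append(f"unexpected: {rel}")
    return problems


def demo() -> tuple:
    """Take a backup, verify it clean, then simulate tampering and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "records"
        src.mkdir()
        # constructed sample records, not real patient data
        (src / "patient_001.txt").write_text("constructed sample record 1\n")
        (src / "patient_002.txt").write_text("constructed sample record 2\n")

        backup = tmp / "backup"
        manifest = take_backup(src, backup)
        clean = verify_backup(backup, manifest)

        # Simulate what a ransomware infection that reached the backup share
        # would leave behind: one file overwritten with ciphertext-like bytes,
        # one renamed with a new extension.
        target = backup / "patient_001.txt"
        target.chmod(0o644)
        target.write_bytes(os.urandom(64))
        (backup / "patient_002.txt").rename(backup / "patient_002.txt.locked")

        tampered = verify_backup(backup, manifest)
        return clean, tampered


if __name__ == "__main__":
    clean_result, tampered_result = demo()
    print("clean backup problems:", clean_result)
    print("tampered backup problems:", tampered_result)
```

Running the script reports no problems for the fresh backup and three for the tampered one (a modified file, a missing file and an unexpected `.locked` file). The point for a hospital's response plan is that this check, or an equivalent test restore, runs on a schedule and again before any restore is attempted, so the team learns that a backup is unusable before it is relied upon rather than during the incident.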