The healthcare industry continues to bear the brunt of ransomware campaigns. Recently, the Fetal Diagnostic Institute of the Pacific (FDIP) in Honolulu became the newest victim. Early indications from the ransomware removal and recovery point toward a potential loss of patient data.
Out of all the institution’s servers, cybercriminals were able to find a chink in the armor of the most critical one: the server that contained patients’ personal information, such as names, birth history, addresses, and credit card details, as well as medical history, such as diagnoses and treatment types.
Luckily, the Honolulu-based medical facility was successful in the ransomware removal process. Afterward, its backup measures assisted in the quick restoration of the systems.
Management clarified that since the exploitation of its servers does not fall in the category of payment, medical operations, or treatment, the standard regulation has been violated. The regulation does not permit the disclosure of a patient’s data without written approval. Thus, the rules of the Health Insurance Portability and Accountability Act (HIPAA) have been broken, which requires the institution to report the incident. Therefore, the FDIP has contacted the U.S. Department of Health and Human Services.
The attack served as a bitter reminder for the institution to improve its cyber defense. Since the attack, the facility has been heavily involved in implementing modern security protocols and policies. It has also warned the affected patients to be alert to any unfamiliar or suspicious communication.
So, what exactly is driving such an influx of ransomware attacks in the healthcare industry? According to prominent ransomware removal experts, cybercriminals are targeting two weaknesses: outdated systems and sensitive data. Hospitals do not have the latest security tools, making them an easier target. Similarly, stealing patient data can help generate larger profits due to its sensitivity.