With the incident, the data of thousands of patients has been exposed, with the data drawn from Louisiana State University medical centers. In response, the LSU Health New Orleans body has issued a data breach notification (on November 20, 2020).
The incident apparently began following the detection of a cyber-intrusion into an employee’s electronic mailbox, according to InfoSecurity magazine.
In terms of the impact, the e-mail messages or attachments contained limited information about patients who received care at the following locations:
Lallie Kemp Regional Medical Center in Independence
Leonard J. Chabert Medical Center in Houma
W. O. Moss Regional Medical Center in Lake Charles
Earl K. Long Medical Center in Baton Rouge
Bogalusa Medical Center in Bogalusa
University Medical Center in Lafayette
Interim LSU Hospital in New Orleans.
Commenting on the attack for Digital Journal, Paul Keely, general manager of the Born in the Cloud business unit at Open Systems, tells Digital Journal about the scope of the data loss: “News reports surfaced today that a cyberattack at Louisiana State University medical centers exposed the sensitive financial and medical data of thousands of patients. ”
This also forms part of a troubling trend: “This is yet another example of a healthcare organization that has come under attack. These organizations are particularly attractive to bad actors given the wealth of data that hospital and patient records contain. That includes everything from billing details to blood type, data of birth to social security numbers, and home and work addresses to insurance account numbers.”
Keely sees this a consequence of a haphazard approach to technology within healthcare: “The growing number of connected devices used in healthcare, and the fact that individuals who manage administrative functions for healthcare organizations now often work from home amid COVID-19, only expands the threat surface.”
In terms of the next steps, Keely says: “This highlights the need for hospitals and other healthcare organizations to step up their cybersecurity efforts. But that’s not easy to do, particularly in the middle of a pandemic and at a time in which it’s hard to afford, find and retain top-tier cybersecurity talent.”
And with preventative actions: “Healthcare organizations can overcome those challenges by leveraging a managed detection and response provider. An experienced MDR provider can enable healthcare organizations to leverage data using context to identify threats and contain those threats quickly and efficiently before they spread and impact patients and internal operations.”
