The U.S. medical body, California health center LifeLong Medical Care, has been struck by a ransomware attack. The attack was sufficiently wide to leak personally identifiable information of around 115,000 patients across numerous health organizations.
The incident came to light after cloud IT provider Netgain Technologies, discovered a breach in November 2020 that impacted numerous healthcare organizations. LifeLong Medical Care was not informed about the breach until late February 2021. In August 2021 the body learned that its patient data had been compromised, according to the website Health Security.
Looking at this worrying cybersecurity incident for Digital Journal is expert Pravin Rasiah, who is the VP of Product, CloudSphere.
Rasiah notes how healthcare bodies appear to be vulnerable to cyberattacks in the past year or so. The reason for this relates to the treasure trove of personal and health-related data that is available and which can be sold illegally on the dark web.
More than 1 in 3 health care organizations globally reported being hit by ransomware in 2020, according to a survey of IT professionals
According to Rasiah: “Entrusted with collecting and storing sensitive patient data, healthcare systems must have proper security measures in place to prevent data breaches such as these, and this responsibility extends to third-party partners and vendors.”
The method of holding and transferring data may be a reason for the inherent vulnerability, Rasiah notes. By this he means the cloud environment, as he explains: “The complexity of cloud environments means that without proper visibility into where data is stored and what guardrails are in place to protect it, organizations are more vulnerable to cyberattacks and confidential patient information can easily be exposed and potentially misused by malicious actors.”
In terms of the actions needed, Rasiah recommends: “It is critical that healthcare systems invest in a comprehensive set of security tools to monitor and control security status in real time, minimizing the potential attack surface and providing holistic observability into the cloud landscape.”