Between April 21 and April 25, 2022, the Yuma Regional Medical Center (YRMC) in Arizona was the victim of a ransomware attack in which the attackers obtained the protected health information of approximately 700,000 current and former patients.
This information included names, social security numbers, health insurance information and limited medical information. Throughout the attack, facilities remained open and operating using established backup processes and downtime procedures.
As YRMC puts in efforts to get all its systems back online, it is continuing to assist patients through “established back-up processes and other downtime procedures.”
More recently, YRMC indicated that it sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
In the wake of the cyberattack, steps have been taken to improve security to prevent further attacks and affected individuals have been offered complimentary credit monitoring and identity theft protection services.
However, the scale and nature of the cyberattack raises concerns for industry in general. Here Gary Ogasawara, CTO of Cloudian provides Digital Journal readers with some pointers.
According to Ogasawara there are strong signals for businesses to take robust action. He states: “The exposure of patient data at Yuma Regional Medical Center again highlights why organizations need to encrypt sensitive data (both in flight and at rest) to protect against ransomware attacks.”
Further with cryptography, Ogasawara recommends: “Encryption prevents cybercriminals from reading or publishing data in any intelligible way, eliminating the threat posed by this form of ransomware extortion.”
There are other measures to consider as well. As Ogasawara notes: “In addition, organizations should have an immutable backup copy of their data.”
Furthermore, Ogasawara adds: “Immutability prevents cybercriminals from altering or deleting that data, enabling a ransomware victim to quickly recover the unchanged backup and resume operations, again without having to pay ransom.”
Immutability is one of the key features of blockchain technology. Here, immutable transactions make it impossible for any entity (for example, a government or corporation) to manipulate, replace, or falsify data stored on the network. It is this type of approach that can make systems more resilient against cyberattacks.
