This transcription is provided by artificial intelligence. We believe in technology but understand that even the most intelligent robots can sometimes get speech recognition wrong.

  Today in Health it, the story is Security Events Roundup. This is from Healthcare IT Security News. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT a channel dedicated to keeping health IT staff current and engaged. You may not have time to listen to every show that we put out on this week in Health it, but we developed clip notes to keep you informed.

It's an email that goes out 24 hours after each show airs. On the channel with a summary, bullet points and two to four short video clips. You can subscribe on our website this week, health.com. Just click on the subscribe button in the upper right hand corner. Or better yet, have your team subscribe and start discussions around these topics.

Alright, here's today's story. This week's Breach roundup from healthcare IT security news.com, and there's really a lot going on. Let's see. First of all, Scripps Health in San Diego was hit by ransomware attack over the weekend, forcing the health system into EHR downtime. Some critical care patients were diverted and online Patient portal has been taken offline according to local news outlet San Diego Union Tribune.

Monday appointments were also postponed due the cyber attack, which disrupted operations at two of Scripps four main hospitals and backup servers that reside in Arizona. Providers and other clinicians are leveraging paper records as telemetry has been impacted at most care sites. Access to medical imaging also appears to be down.

reports say all four hospitals in Encinitas, LA Jolla, San Diego and Chula Vista were placed on emergency care diversion for stroke and heart attack patients who were diverted to other medical centers. When possible, all trauma patients were also diverted. The Scripps website was also down. At the time of publication, outpatient Urgent Care Centers, Scripps Health Express locations and emergency departments remain open and are accepting patients, law enforcement and appropriate government agencies have been notified.

This piece will be updated as more information becomes available. All right, that's the first one. Second one, PA Health Department contact tracing data leaked by third party vendor error. The data of 72,000 individuals who used the Pennsylvania Health Department's contact tracing app. Was exposed after a third party error.

The Vendor Insights Global was contracted by the State Health Department for contact tracing services. For now, it appears the compromised data included the names of individuals who were potentially exposed to COVID-19 positive or negative test results. Any experienced symptoms, household members, and some contact information for those.

With specific social support service needs. Alright, Wyoming Health Department employee error exposes data of 164,000 patients on March 10th. Officials discovered that an employee unintentionally uploaded 53 files containing COVID-19 and influence a test result. Data and one file containing breath alcohol test results to private and public.

The vendor has continued to monitor dark web channels to ensure that data has not been disclosed so far. The attackers have upheld the agreement. However, it is important to note that Cove Ware has routinely stressed that victims should not pay the attackers as they more often than not, cannot be trusted.

Go figure. HME specialists, email hack impacts 153,000 patients. New Mexico based HME specialists. Recently notified 153,000 patients. Their data was potentially compromised after a hack of several employee email accounts, uh, phishing attack on River Springs Health. The data of roughly 31,000 patients of River Spring Health in New York was recently compromised after successful phishing attack.

My, so what is pretty straightforward, and it might be a little alarming, but I, I'm just gonna go ahead and say it right now. We are under attack. There are cyber carriers parked off of each coast and in the Gulf of Mexico. They're launching attacks daily, hourly, constantly on health systems across the country.

They used to be, they wanted to steal the data, but now they move to flat out extortion, give us the money, or we will destroy the data. All of it. Several health systems have experienced the full force of these attacks. They have lost medical records, images, and all supporting health data. Again, all of it gone forever.

This is not a game we are at war, except we don't fight back. We are in a constant defensive position. The attacks keep coming and we have to defend one mistake and they gain a foothold, two mistakes, and they get embedded any more than that, and you're the next headline. What can you do? Ask yourself beyond the normal platitudes of, I have a great team.

Do you have a team that you would go into battle with? Do you trust them to protect your health system's data, your community's data, your family's data? This is not a time to play manager. This is a time to be a leader. Do you have the team that can defend the health system from seasoned cyber criminals?

If not, stop playing around and get help. Know when you're outmatched and call for reinforcements. All of the large health systems have consultants in this area. All of them. Change your perspective on this. Start with this premise. They are already inside your network. Now. Find them. Know that the best defense is architecture before they attack.

Have you protected the crown jewels of your health system? You know, it's one thing to get into the network. It's quite another to exfiltrate data. It's quite another to destroy the data with no means to restore it. This starts with design, create the firewalls between systems, between data, between live and protected copies.

I used to hate cyber speeches like this one. I thought they were overzealous ex special ops wannabees that wanted to scare us into action. These people feel like a nuisance during a perceived peace time, but they're often the ones that see what we don't see and sound the alarm well before we heeded their warnings.

It's time we are at war. It's time to act like it. That's all for today. If you know of someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com or wherever you listen to podcasts. Apple, Google Overcast, Spotify, Stitcher. I. You get the picture.

We are everywhere. We wanna thank our channel sponsors who are investing in our mission to develop the next generation of health leaders, VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.