This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Today in health, it details on two more cyber attacks. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT at channel dedicated to keeping health IT staff current and engaged. Just wanna remind you one more time about CliffNotes. CliffNotes is a service that we offer at this week in health.
It it's a great way to keep you and your staff current. We know you don't have time to listen to every episode that we do, but we develop clip notes to keep you informed. It's an email that goes out 24 hours after each show airs on the channel with a summary, bullet points of key moments, and two to four short video clips.
nd,:Hackers had access to data, including names, addresses, claims, information, laboratory results, medical diagnoses, and conditions. Medical record numbers and other medical identifiers. Prescription information, treatment information, medical information, social security numbers, government identification numbers, payment card numbers or financial account numbers and security codes, student ID numbers and usernames and passwords.
Okay, it goes on in a fact. Frequently asked questions attached to the notice. The hospital said it discovered suspicious activity on March 12th, but it took until April 8th. For its security team to officially identify it as a security matter. The statement said the hackers gained control of employees' email accounts for weeks before uc.
San Diego Health discovered the breach, terminated the accounts, and contacted the FBIA cybersecurity company is still investigating the incident. And U uc, San Diego Health said the review will finish in September. Alright, so that's the first story. The second one's fairly new. Es gonna say Health is diverting ambulances.
As cyber attack investigation continues. Let me give you some of the details. company-wide email and online medical record keeping are all part of a self-imposed network shutdown at the health system. Es gonna say spokesperson. Toms said they decided to shut down their network after detecting an attempted ransomware attack Wednesday morning.
Since then, any ambulances that would've headed there are on diversion. Mitch Parker, who's been on the show, the executive director and Chief Information Security director at IU Health said they've seen significant uptick in hospital cyber attacks, which we've been reporting on. On the show. Parker said hospitals have become prime targets because they need care for their patients, and that's gonna be.
Primarily what we're gonna talk around the, so what hospitals have become prime targets. But Parker said these attacks can affect far more than private records. He said it also affects the way the hospitals operate. In scones case, it is having to divert ambulances. It has a cascading effect. And what ends up happening is you increase the capacity at every other hospital in the radius that has an emergency room.
Both Parker and Scott Shackleford, the Chief Cybersecurity Risk Management at IU said this is a constantly evolving fight. It's an arms race, and both attackers and defenders are learning from each other in real time. He said, unfortunately, it's still a lot easier to be an attacker than a defender. You only need to find one point of vulnerability.
One chink in the armor to get in. Shackleford said, everyone from employees to executives need to be prepared for these types of attacks. He goes on to talk about, everybody needs to understand what they look like, understand how to practice cyber hygiene, how they talk about the challenge of finding these people.
'cause they're outside of the jurisdiction, they're in other countries essentially. And they also go on to talk about different resources that are available in Indiana that can help other health systems. So those are the two stories, and here's my so what, let's do an exercise. How much does diversion cost your health system?
How much does it cost your health system? If the EHR and supported systems are offline for say 15 days, what is the risk to your patients if this happens? What is the risk during this spike in hospitalizations due to the new variant of COVID-19? Think about it. If people can't go to this hospital, that means they're going to other hospitals.
And during a spike like this, based on this variant, we could run outta hospital beds. In a market where you have . Ransomware attacks happening at the same time that you have a spike. So I would ask these questions when you get pushback on funding. But the next thing I would say is, and this really gets to the heart of, are you ready?
Are you sure no one is on your network right now? Are you really sure that no one that shouldn't be on your network is there right now? How would you know who's looking for these anomalies? What are you gonna do if you find any anomalies? Who's your first call if you identify some. What's your first action?
If someone was on your network, are they going to be able to gain access to your key systems? How hard is it to gain access to your entire network from a single computer? If you don't know these answers, I'm likely going to be reading a story about your health system in the very near future. My So what is the same as it was about a month ago?
Security is your highest priority right now. Full stop. That's all for today. If you know of someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com, or wherever you listen to podcasts. Apple, Google Overcast, Spotify, Stitcher, you get the picture.
We're everywhere. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health leaders. VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks. Thanks for listening. That's all for now.