Malware Attacks: A Tale of Two Healthcare Incidents

Two recently disclosed malware attacks in the healthcare sector illustrate that detection and mitigation of such attacks can be rapid, or it can take many months. The bigger of the two incidents – impacting nearly 539,000 patients – was a malware attack on LifeBridge Health that occurred in September 2016 but was not discovered until 18 months later, the Baltimore, Maryland-based physician practice reports.The other incident was a May 17 ransomware attack on Allied Physicians of Michiana, a specialty practice based in South Bend, Indiana, which says it was able to swiftly mitigate the situation without major disruptions to patient care. The organization, however, has declined to say whether it paid a ransom or used back-ups to quickly restore its systems.Security experts say that while many healthcare organizations are making progress in detecting and mitigating malware attacks, there’s still lots of work to be done. That includes implementing more robust authentication, improving monitoring and analysis of network activity and patching and updating software.