Issue link: https://beckershealthcare.uberflip.com/i/922733
35 CIO / HEALTH IT 11 Biggest Healthcare Cyberattacks of 2017 By Julie Spitzer C yberattacks struck hospitals and health systems at an alarming rate this past year — nearly exceeding the rate of one breach per day. In fact, the Identity e Resource Cen- ter found the U.S. medical and healthcare sector experienced roughly 336 data breaches as of Nov. 29, which represents 28 percent of the total 1,202 breaches. at equates to 4.93 million records exposed, or 2.9 percent of the total 172 billion re- cords that have been exposed so far in 2017. Here is a look back at 11 of the biggest health- care data breaches reported in 2017, where hospitals, health systems or medical device suppliers indicated more than 100,000 pa- tients had been affected by the security inci- dent. Each incident has been previously pub- lished in Becker's Hospital Review or listed in HHS' Office for Civil Rights Breach Portal. 1. e names and personal data of near- ly 1 million people throughout Washing- ton state were compromised when a backup hard drive was stolen from a safe belonging to Washington State University's Social and Economic Sciences Research Center in April. 2. A former developer at Health Now Net- works — a shuttered healthcare telemarketing company in Boca Raton, Fla. — uploaded an unencrypted backup database to a virtual server on Amazon Web Services, expos- ing 918,000 healthcare consumers' records. 3. e OCR Breach Portal indicates Bowling Green, Ky.-based Commonwealth Health Corp. reported a data the incident com- promising 697,800 patient records, which it reported to the agency March 1, but no addi- tional details are available. 4. Airway Oxygen, a Wyoming, Mich.-based home medical equipment supplier, experi- enced a ransomware attack it discovered in April affecting 500,000 individuals. 5. A privacy breach at a practice site of Oaks, Pa.-based Axia Women's Health, formerly Women's Health Care Group of PA, affect- ed 300,000 patients. e organization discov- ered the virus in May but determined external hackers had access to its systems since January. 6. Los Angeles-based Pacific Alliance Medical Center recovered from a June ransomware at- tack that compromised the protected health information of 266,123 patients. 7. In January, Hyde Park, N.Y.-based CoPilot Provider Support Services, a healthcare ad- ministrative services and IT organization, re- ported a data breach affecting 220,000 indi- viduals. CoPilot's database, which healthcare professionals use to advise patients on wheth- er certain treatments are covered by insur- ance, was illegally accessed. 8. Texas-based Urology Austin noti- fied 200,000 patients in March that their patient information may have been compro- mised following a January ransomware attack. 9. Atlanta-based Peachtree Neurological Clin- ic uncovered a 15-month breach to its computer system while investigating a separate ransomware attack. e clinic reported nearly 176,295 patient records were potentially affected. 10. Fayetteville-based Arkansas Oral & Facial Surgery Center notified 128,000 patients of a July ransomware attack on its computer net- work that may have compromised some pa- tient names, dates of birth and Social Security numbers, among other data. 11. McLaren Medical Group's Mid-Michi- gan Physicians Imaging Center in Lansing compromised the data of 106,008 patients when it fell victim to a hacking incident, reported in August, according to the OCR Breach Portal. n 8 Cybersecurity Predictions for 2018 By Julie Spitzer A s 2017 comes to a close, Cymulate — a company that offers a breach and attack simulation platform — published its report "Recapping 2017's Biggest Cyber Trends and Predictions for 2018." In a big year for cybercriminals, 2017 saw not only an increase in the number of attacks but also multi-vector techniques that used social engineering and ransomware to monetize. In fact, this past year, over 2 billion data records were compromised. Some notable hacks include the Equifax data breach that ex- posed the personal information of 14.5 million Americans; the National Health Service, which exposed 26 million patients' records; and pharmaceutical giant Merck, which attributed $600 million in losses to the NotPetya malware attacks. Here are eight cybersecurity predictions for 2018, according to the Cymulate report provided to Becker's Hospital Review. 1. More leaks — like the Panama Papers and Paradise Pa- pers — should be expected, with accounting and law firms becoming prime targets since the information they hold is highly sensitive and of high value to cybercriminals. 2. Hacking groups, like Shadow Brokers, will continue to ex- ploit stolen National Security Agency tools to their benefit. 3. The use of drive-by and watering hole attacks as ways to deliver and distribute ransomware and other malware via unsecured internet browsing will increase. 4. Social engineering of employees via phishing and whal- ing attacks will remain widespread. 5. The ransomware Cerber family — which includes Mag- nitude — will remain the market leader due to its ability to evade detection by cybersecurity tools. 6. Based on their global success with WannaCry, NotPetya and Bad Rabbit, attackers will likely launch more attacks of these kinds in 2018, and the scope and damage are ex- pected to increase. 7. Countries such as Iran will become more active in cyber- attacks against their enemies and North Korea. 8. The threat of cyberattacks on electric distribution grids and the infrastructure of utilities will increase as well, since cyberattacks on critical infrastructure can remotely harm an entire nation. n