“It doesn’t matter how big or small your organization is, the cyber threat is real and doesn’t discriminate,” said Heather Roszkowski, the leader of the Cybersecurity and Information System of Augusta University and AU Health, as she addressed a standing room only crowd of about 200 doctors, nurses, practice managers and support staff from the local community on December 14th in Columbia County.
Patrick Reynolds (see above) of Cross Link Consulting introduced Roszkowski, the visionary for the Cyber Defense and Enterprise Department housed in Building II of the Georgia Cyber Center.
Roszkowski gave a chilling account of what happened (coincidentally) a few years after she left her post as Chief Information Security Officer at the University of Vermont Medical Center.
An attack shut down the hospital’s applications. They found a file with the attackers’ contact information. The health system was forced to shut down its IT network, but decided against contacting hackers.
“We assumed the reason to contact them was to hold us at ransom,” Dr. Gentile from UVMC told the Burlington, Vermont newspaper.
The health system worked with the FBI, National Guard and a major IT company. Hackers placed malware on more than 5,000 hospital computers that encrypted files and data on 1300 servers.
UVM Medical Center had to wipe the computers, laptops and servers and then reinstall all data and software, according to the report.
“You don’t want to wait until you are forced to turn away cancer patients and reconstruct critical chemo notes and look at old fax machines and reprinting out data. You don’t want to wait. This organization here had to rebuild,” Kozlowski told the medical group at the Columbia County Performing Arts Center.
By rebuilding, 300 employees were furloughed or re-assigned for a period of time, and though about 80% of functions were restored – and there was no evidence of lingering malware, the attack cost the UVM Medical Center around $1.5 million per day in lost revenue and expenses to restore its computer systems.
The hackers were able to compromise UVM Medical Center’s security system despite preventive measures.
“This is an arms race,” Dr. Gentile said. “We all have to continually update our tools and approaches to stay ahead of the bad guys.”
Back in Augusta, the fight continues for Cross Link Consulting as it begins its 20th year.
“We get asked why we chose healthcare as a specialty focus,” queried Cross Link’s Gordon Renshaw from the podium. “It really comes down to this – we are protecting the protectors. You guys are the protectors. The medical information is not just valuable to you and your patients, but it is valuable to the bad guys who want to infiltrate your systems.”
Roszkowski believes there is truth in numbers and is calling on the medical community to be aware of the threat and take action.
“It starts with a conversation. What can we do? Band together and work to solve these problems and keep them from affecting our patients,” she concluded.
Cross Link Consulting is an ABD strategic partner and presenting sponsor of this Winter Soiree put together by the Medical Professionals Magazine.