Maryland’s Atlantic General Hospital is experiencing disruptions to some services following a ransomware attack. Healthcare professionals are operating on EHR downtime procedures. Most patients can still be seen; the attack has caused outages affecting the hospital’s pharmacy, outpatient imaging, outpatient walk-in lab, and pulmonary function testing
- The Healthcare Sector was frequently targeted for ransomware attacks in 2022 and that trend is continuing into 2023. Organizations that make up this critical infrastructure sector can’t say they haven’t been warned that a ransomware attack is coming for you. I urge all organizations to use the recently published ‘Blueprint for Ransomware Defense’ as an action plan for ransomware mitigation, response, and recovery to protect against future attacks.
- As the event is still under active investigation, Atlantic General is holding their cards close until they have definitive answers. In the meantime, they are operating under a combination of manual procedures and reduced capacity to minimize the overall impact on patients. While working to increase security, which the medical profession is doing, it’s important to look beyond your top identified mitigations to make sure that you’ve not left unaddressed attack paths, e.g, MFA on the workstations, but leave accessible (unprotected) network jacks in the conference rooms.
- Hospitals really need to isolate patient-facing applications from those, like e-mail and browsing, that are connected to the public networks.
Read more in