In a recent podcast interview with Cybercrime Magazine's Host, Heather Engel, Scott Schober, Cyber Expert, Author, and CEO of Berkeley Varitronics Systems, discusses the recent breach of Ardent Health Services and Epic, a widely used hospital electronic medical records management system. The podcast can be listened to in its entirety below.
Q: Welcome, Scott!
A: Hey, great to be with you, Heather.
Q: Scott, today we're talking about Ardent Healthcare's breach of Epic, a widely used hospital electronic medical records management system. Can you take us through this story and tell us what happened?
A: Yeah, absolutely. Well, this is an interesting one, because, again, hospitals have been victimized and targeted in the past, and this is really no different. But the fact that they were really targeting Ardent Health Services and the fact that they operate about 30 hospitals and 200 care sites, and so on and so forth. They're a pretty big network.
And here in New Jersey, everybody's very familiar with them, and it's kind of scary when they're targeted - the ER because what they really had to do in a blink of an eye, and this was on Thanksgiving Day. They went from electronic and digital records to handwritten records, and for a hospital that are midst emergencies and patients coming in and out on this critical time, that could be the worst-case scenario.
Q: Yeah, you mentioned that this happened on Thanksgiving. Is there any significance to that date?
A: It's interesting. If you look at Thanksgiving, people typically spend time with their families. It's one of the most traveled, busiest days, of course, for airline travel, but people also tend to eat a lot. When people eat a lot, they get sick. They have more heart attacks, accidents, drink a little too much, whatever the case may be. So ERs are loaded with people on Thanksgiving Day, and then following that, Black Friday, the big shopping day. So, ERs are packed. So if you talk about timing for hospitals to get hit with ransomware attack. It could not be worse timing than this.
Q: Yeah, that's an interesting correlation that I don't know that I've heard before. Why is this breach significant? I think a lot of our listeners might not be familiar with Epic as an EMR if you don't work in the industry. Can you tell us a little bit more about that?
A: Yeah. Well, I think if you look at days in the past, many hospitals were very reliant upon written records and charts and everything else. And here, certainly throughout Arden and throughout New Jersey. Here, the hospitals are 100%. Digital. They really don't have any paper records. So that's one thing. And then, when you look at the actual Epic system, and how it's all interconnected, it's all networked together. So if it goes down, it could take out many hospitals, as in this case. Here, they're operating some 30 hospitals and 200 care sites, and there's other providers, about 1,400 others that are kind of aligned. And it's not just isolated here in New Jersey. It's also New Mexico, Texas, Oklahoma, Idaho, Kansas. So, lots of states, a lot of these hospitals network and connected into this system. And that's good for efficiency and sharing information, and preventing problems. It's really bad when some of the hospitals get attacked by ransomware because it could be crippling.
We'll be right back after a quick word from our sponsor.
Cimcor develops innovative, next-generation file integrity monitoring software. The CimTrak Integrity Suite monitors and protects a wide range of physical network cloud and virtual IT assets in real-time, while providing detailed forensic information about all changes. Securing your infrastructure with CimTrak helps you get compliant and stay that way. You can find out more about Cimcor and CimTrak on the web at cimcor.com/cimtrak. That's C-I-M-C-O-R.com/C-I-M-T-R-A-K.
And now, back to the podcast.
Q: So, on that note, what are some things that healthcare systems and EMR systems can do to prevent attacks like these?
A: That's a difficult one. But there are some basic, best precautionary things they should all be doing, and most of them are doing this, but some of them are not doing it enough, I guess, and probably first on the list is just the training and awareness aspect. And we've talked about this before, and we hear it all the time. But simple things, such as just training staff because they're all again digitally interconnected and using emails and sending files. Understand and realize the risks of a phishing email. If something looks suspicious, a link or an attachment, and even having some of that awareness training regularly just keeps employees on their toes and keeps them focused. So they're not too tempted to click on the wrong thing, because once they do, they'll give in to the latest attack vector or latest threat. And next thing you know, you have a situation like this where malware comes downloaded, and a ransomware attack starts.
Probably the next thing I always recommend, and this is true for really corporate America, but certainly for ERs, and most of them have them, not all do, is really a regular backup plan in place for all the critical data to make sure that they're storing it offline in a secure environment, and it should be an immutable backup. So, it basically means it can't be altered, or it can't be destroyed. And one other little caveat I always mention, too: Have you regularly tested your backup restoration procedure? You got to do that. Just like, you know, maybe your house is on a generator. It has to be tested once a week, just to make sure it starts and it's running properly. Same thing there. You need to test that backup regularly to ensure that data integrity is there, and it's available. And oftentimes, that part is overlooked by many. Even these large ERs that are so dependent upon it.
Q: It would be one thing to have your backups and think that you can count on those in an emergency, and then it's a whole other situation if you find that your backup is corrupted, or that it's not usable.
A: Yeah, absolutely. And I'm sure, as this story continues to be investigated and unfolds, my guess, my gut, is telling me when it first happened, probably an innocent employee clicking on an email attachment or something of that sort that really started the process. Or, you know, bring your own device to work. They brought in their own device, and they're sharing things they probably shouldn't have, be it their smartphone or tablet or laptop on their break, and it's mixing with the actual network there in the hospital. And now, suddenly, voila! You've got problems.
Q: Well, Scott, this has been a really interesting conversation. Is there anything else you'd like to add?
A: Well, I encourage people, don't get sick and don't go to the hospital unless you really have to, because you may or may not get served. But I think one thing that helps us reflect upon, we appreciate all the things that people do, certainly in the medical community, but at the same time, we realize how vulnerable they are and how sad it is that cybercriminals are, in essence, targeting hospitals, especially this time period of year, knowing that they could really extrapolate the most ransom demand because people are desperate. And they did say they paid some undisclosed amount for the ransom. But how sad that that certainly is! And I think the catastrophe is all the things that happen after the fact. How many patients have been turned away from emergency care and had to be rushed to another hospital? We don't know, but the negative impact of this affects people's lives, and that part, I think, is tragic. And we just all have to do a better job at fighting back against these cybercriminals.
Q: Scott, thanks for joining us on the podcast today.
A: Thanks for having me.
