Hospital remains vigilant amid new cyber threat

Hancock Regional Hospital conducts regular training to make sure employees are sensitive to the dangers of cyber intrusions through emails. Submitted photo

GREENFIELD — It’s been nearly three years since Hancock Regional Hospital paid online hackers $55,000 to regain access to its computer systems.

Officials say the hospital’s network is now more secure than ever, but cyber attacks remain a constant threat.

In early November, hospital officials received an FBI warning that a criminal group from eastern Europe was targeting health care organizations in the United States with ransomware attacks.

The FBI urged all hospitals to take “timely and reasonable precautions” in preparation, said Hancock Health CEO Steve Long, and Hancock Regional has responded by beefing up its internal safeguards.

“Our defenses now are very, very good,” Long said just before Christmas.

“Other hospitals (on the East Coast) have been hit, and we are, as you would expect, very, very well prepared for those kinds of things…. We are as prepared as anyone out there,” he said.

While the ransomware attack three years ago was a targeted attack, the current attack the FBI warned about seems to be broader in scope, Long said.

To ward off the current threat, Hancock Health has implemented a temporary system in which emails containing suspicious links are sent to a queue and screened manually by IT staff.

“It’s really not more than a couple dozen emails a day, but any one of us on the IT staff can check that queue and pass them on if they’re OK,” said Bob Havens, information security analyst for Hancock Health.

Those emails are a drop in the bucket compared to the tens of thousands of emails blocked by the hospital’s internet security gateway each day.

“We block one thousand to five thousand emails an hour,” said Havens, who has worked on the hospital’s information technology team for the past 16 years.

“The bottom line is it’s an area that requires constant attention, and I think we’re doing very well. Hancock Health has put the right resources in the right places,” he said.

“That’s not to say that we couldn’t get hit again, but we’ve been doing a lot of the right things.”

Havens, who started working in the IT field in 1963, has been amazed at how sophisticated online hackers have become over time.

“It’s unbelievable. It’s something that I’m not sure when we’ll ever get a handle on,” he said.

He thinks the lessons Hancock Health’s IT department learned in the 2018 ransomware attack has put the hospital in a great position to ward off future attacks.

“We learned a lot, and we’ve got better tools and better monitoring now,” he said.

For years, Hancock Health has trained employees on the dangers of email phishing, the fraudulent attempt to obtain sensitive information through emails.

“We do monthly phishing training through email, and we do quarterly security training for everybody,” Havens said. “I think we’ve got a high level of security awareness. It can never be high enough, but we’ve done quite well.”

Cyber hackers are starting to use artificial intelligence to craft dangerous emails whose intent is more difficult to detect, he said. The best defense is making staff aware of what to look for before opening any link or attachment.

All it takes is one click on a dangerous attachment to infect the entire system, he said. That’s exactly what happened when hackers released malware into the hospital’s system on Jan. 11, 2018, freezing up more than 1,400 files for two harrowing days, until the ransom was paid on Jan. 13.

As they have for years, the Hancock Health internal IT team works with Pondurance, a downtown Indianapolis cybersecurity firm, to ward off constant cyber security threats.

“(Pondurance) is a command center that is working 24/7, and we’re one of the (networks) they watch,” Long said.

“They’re watching over us 24/7 with actual people, because one of the lessons we’ve learned is that people are actually much more effective at protecting you” than computer-generated security systems, he said.