A ransomware attack on one of southeast Georgia’s largest healthcare systems exposed the protected health information (PHI) of both staff and patients. The Georgia-based healthcare system, St. Joseph’s/Candler (SJ/C), has 116 service locations across the state.
<p>The healthcare industry continues to be under serious strain, not just from the global pandemic but also from persistent hackers and insiders looking to exploit a tempting target: valuable PHI. This most recent incident, combined with the earlier breach of Renaissance Life & Health Insurance Company’s customer PHI, emphasizes that healthcare operators need to reassess their security posture, and shift their mindset, when it comes to safeguarding their data.</p>
<p>In particular, third parties remain a security liability that needs to be remedied urgently. Many in the healthcare industry are not taking the proper steps to mitigate third-party remote access and third-party vendor risk. This could seriously damage organizations and expose them to misuse and non-compliance risk.</p>
<p>In addition, healthcare organizations must take care to evaluate how much privileged access they are granting to their partners and vendors, as this is often one of the main vulnerabilities that lead to misuse and data breaches. Only with a holistic approach, which includes a zero trust strategy and tools for monitoring access, can these threats be mitigated.</p>