GILLETTE — Going from dealing with a ransomware attack to a pandemic in the past year has been a challenge for Campbell County Health’s information technology department.
“I would love to say that I believe in the morality of humans, but during this COVID response, we have not experienced that from a cyber side,” said Matt Sabus, vice president of IT for CCH, during a recent hospital board retreat.
“Health care has been targeted and they come at health care very hard,” he said.
The COVID-19 pandemic has only upped the stakes of ongoing attempts to breach hospital security systems, Sabus said, adding that “we are pretty much in a full cyber war.”
In fact, federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.
In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”
The cyberattacks involve ransomware, which CCH is familiar with: a ransomware incident that began in September 2019 temporarily shut down CCH’s computer systems and interfered with operations for months. Since then, the organization has undergone an IT overhaul, updating systems and reinforcing its security.
“Where we’ve come to and where we were right after the cyber incident to now has been significant,” Sabus said.
As part of the revamped security efforts, CCH replaced many computers; retired, updated or archived more than 200 old servers; and emphasized securely implementing remote access to its systems. A multi-factor authentication system will be integrated within the next 90 days, Sabus said.
Also, CCH replaced its wireless system in the hospital and Sabus said it is working toward doing the same for the Legacy Living and Rehabilitation Center by the end of November.
CCH is also adding next-generation antivirus, an evolved form of antivirus protection in which the program repeatedly scans and monitors the network for abnormalities, picking up on more subtle changes and red flags than traditional antivirus software, Sabus said.
“That’s the level of evolution that has to happen to counter what the threats are today,” he said.
Increased cybersecurity training, annual education and spam testing — where fake spam messages are sent to CCH personnel to see who clicks on them — are becoming commonplace as the organization has emphasized security awareness since the cyberattack last year.
“At this moment in time, I’d say we’re like a bank,” Sabus said. “We have one main entrance and we’ve got a vault set up for all of our core stuff.
“Twelve months from now, we’re going to be like a jail.”
Although a bank is secure, it is still open. People can walk inside and go into different rooms. Money and valuables are safe, but the building is still accessible.
A jail is different. Entering any room, corridor, cell — even the facility itself — requires granted access. Even if one area is breached, the way to the next one is blocked off. Sabus said that is the level of security CCH is working toward for its information and cyber capabilities.
“That’s the architecture we’re looking to be at in 12 months,” he said.
CCH has made strides in its IT department following last year’s ransomware attack. Still, Sabus said, it has more progress to make over the course of the next year.
Among the advancements the IT department is working on are the continued development of its automated threat response, enhanced cloud services, bandwidth expansion and policy framework expansions.
To test whether the new security changes are truly up to snuff, Sabus said the department plans to run a penetration test. In that scenario, an outside company would be hired to try to hack into CCH’s cybersecurity system. The idea is for the test to reveal any holes in security and prove that the security works as intended.
Since the pandemic began affecting hospital services in March and April, the hospital’s telehealth services have been expanded to adjust for the lack of inpatient visits.
Those services are expected to continue, but how they are used and how they can be improved is still being brainstormed.
“Where do we want to go long-term with it?” Sabus asked about determining how to move forward with telehealth. “What services (do) we want to apply? How can we utilize this technology and how can we make it more efficient?”
The next year will continue to see more changes to how CCH approaches its IT infrastructure and cybersecurity, whether or not those changes appear obvious to the layperson on the surface. As technology evolves and hackers become more sophisticated, those changes are needed.
“We work in the shadows,” Sabus said. “IT is not visible until it doesn’t work. It’s very easy for everybody to start thinking, ‘There’s nothing happening. There’s no work going on.’ That’s where I wanted to express that’s not true.”