UMass Memorial Health Care in Worcester, Mass., took action in early November to prevent cybersecurity incidents after the federal government warned of foreign hackers targeting hospitals.
The health system placed inhibitors on external links and began scrubbing external incoming emails. It also quarantined all emails with attachments and suspicious emails. Several hospitals were hit by ransomware and other malware in September and October, with the hackers typically entering the system through emails.
"When emails come in to the 14,000 people in our system, the best thing we can do is educate them about phishing attacks," said Robin Sodano, vice president and interim CIO. "We spent time educating our providers, blitzing communication streams and telling people to think before they click. We also placed scanning software that checks links against known malicious actors and malware types before releasing the emails to our caregivers."
The health system has not completely shut off external email, as some other health systems, including Columbus-based OhioHealth, have done, to minimize business disruption. Earlier this month, UMass made sure all operating system patches were updated and network and desktop-level updates were run as well.
The health system has about 1,000 caregivers working from home during the pandemic and has kept pace with antivirus software and monitoring, allowing caregivers to continue to work remotely in a secure environment.
The recent string of ransomware attacks accelerated UMass's multiyear cybersecurity program, which began three years ago. "Our plan remains intact, but we may move some of the steps around," said Ms. Sodano. "We had a five- to seven-year plan built out, and we will be bringing on a variety of new capabilities and personnel to fill a variety of roles as we move forward. We are looking at what areas will benefit us the most in the future based on the current crisis and taking this opportunity for the pure infrastructure and information security teams to work more collaboratively."
Ms. Sodano said the IT and information security teams have always worked together but are collaborating more closely now than ever. The infrastructure team has suggested some creative ideas to solve cybersecurity issues, some of which have been used by the health system. The IT team is also partnering with other departments to help them understand why ransomware attacks threaten patient care, including medical records, lab services and outpatient services.
"It's easy to be scared by ransomware and cybercrime, but helping our caregivers understand what they can do to prevent them is important," said Ms. Sodano. "One of the biggest satisfiers for me has been that the rest of the team understands what we're trying to do. They don't think that IT is just a bunch of people in the back room; they realize everyone has a role in providing care to our patients. Five to 10 years ago, most caregivers thought tech wasn't part of what they do, but it really is now. It's woven into everything we do, so everyone needs to include it in how they do their work to care for our patients."