How Boston Children's Hospital defended against a cyberattack

In April, Boston Children's Hospital was hit with a string of cyberattacks that attempted to crash the hospital's website.

The attacks were allegedly perpetrated by hacktivist group Anonymous in response to Boston Children's Hospital physicians' diagnosis and treatment of a 15-year-old girl in a well-publicized case.

The hospital learned of the planned attacks about three weeks before they happened, giving senior vice president and CIO Daniel Nigrin time to prepare. The hospital prepared a series of countermeasures, and was ready to take every IT system offline to protect patient data, according to a report in CIO magazine.

When the hackers launched their offensive in April, the hospital was ready and able to handle the first round of Distributed Denial of Service attacks (attempts to overwhelm the Boston Children's server and make its websites inaccessible to legitimate users). However, the attacks escalated, and Mr. Nigrin was forced to take down the hospital's websites, shut down email systems and call in third-party security vendors for help, according to CIO.

To maintain hospital functions, physicians and staff began relying solely on a TigerText secure messaging system the hospital had recently implemented, a switch that was communicated in person. The hospital's EHR system and other internal IT systems were able to stay on, but the e-prescribing system, which communicated outside the hospital's walls, had to be quickly shut down, according to the report.

Mr. Nigrin told attendees at a recent HIMSS conference the experience emphasized the necessity of having alternatives to email so hospital operations can continue in the face of an attack, and of knowing which IT systems are connected to the Internet and therefore vulnerable to external attack. He also stressed the importance of having a well-trained, dedicated staff ready and willing to switch to new workflows and procedures in the face of an attack, allowing countermeasures to be quickly implemented.

The attacks slowed after a front-page article in The Boston Globe prompted other activists to call on the hackers to stop. However, the experience taught Mr. Nigrin that "we're not above these kinds of attacks," he told CIO, and he stresses the importance of all hospitals having counterattack measures in place.


 

© Copyright ASC COMMUNICATIONS 2017.

 
