- Products
- Solutions
- Company
- Resources
By Greg Sallis
The recent ransomware attack against CommonSpirit Health has caused a stir in the healthcare industry. The attack resulted in a massive data breach, exposing the personal information of thousands of patients and employees.
This incident underscores the importance of cybersecurity in the healthcare sector and how they must prepare organizations to protect sensitive data from malicious actors.
In this blog post, we will discuss the details of the CommonSpirit Health ransomware attack, how they could have prevented it, and the importance of data redaction in mitigating the risks of a similar attack.
What Happened?
CommonSpirit Health operates more than 700 care sites and 142 hospitals in 21 states, providing high-quality healthcare for millions of patients.
On October 5, the organization confirmed an “IT security issue” as a ransomware attack. Threat actors gained access to portions of the network between September 16 and October 3, potentially compromising patient and family members’ data.
The U.S. Department of Health data breach portal confirms that threat actors gained access to the personal data of 623,774 patients. The attackers may have accessed files containing names, addresses, phone numbers, dates of birth, and unique ID numbers used internally by the organization. Fortunately, they did not get their hands on medical record numbers or insurance IDs.
CommonSpirit quickly reacted to the attack and mobilized to protect its systems, contain the incident, begin an investigation, and maintain continuity of care. The organization also notified law enforcement and is supporting its ongoing investigation.
How To Prevent This Attack?
What could have CommonSpirit done to avoid this attack? Let’s explore some possibilities.
Update All Systems
One of the most effective preventative measures was to ensure that all systems are up-to-date with the latest security patches and software. They should do this regularly to ensure the patching of any vulnerabilities.
Train Employees On Security Protocols
In addition, it is important to train employees on proper security protocols, including avoiding suspicious emails, using strong passwords, and not using public Wi-Fi networks. These steps could have helped reduce the chances of a successful attack.
Implement Redaction
Finally, organizations should consider redaction to reduce the risk of an attack. Redaction involves masking or removing sensitive data from documents before them sharing publicly. Let’s look more into it.
What is Redaction and Why is It Important?
Redaction is the latest, most effective method to secure data and prevent ransomware attacks. Here are two reasons why it is making massive waves in the data security industry:
Reduces Risk of Exposure
Redaction helps reduce the risk of exposing information to exploitation by those looking to harm. With the increasing prevalence of digital media, organizations need to use redaction to safeguard sensitive material.
Removes Identifying Information
Redaction can help prevent cyberattacks by removing identifying information from documents and emails before sending them. This process ensures hackers won’t be able to access confidential information if they intercept the material.
Redaction: The Future of Ransomware Prevention
Organizations should take steps to train employees on the importance of redaction and how to use it. As we have seen, redaction is as close as we can get to a fool-proof ransomware prevention strategy.