Back to BlogRansomware in Healthcare: After-the-Fact is Too Late
This blog post was based on the article “180k Impacted by Data Breach at Michigan Healthcare Organization” published by SecurityWeek Network.
It’s frustrating to hear this kind of news. In December, a data breach disrupted systems at Cherry Health, Michigan’s largest federally qualified health center. After a 3-month investigation, Cherry Health determined that perpetrators had gained access to personal and health data for more than 184,000 individuals. Ransomware was suspected and later confirmed in government filings.
If, as it appears, the breach first became known when providers at Cherry Health lost access to critical systems, that means the cybersecurity team was behind before they could even get started. And they had a lot of work ahead of them. First priority was regaining access to systems so patient care could resume. Cherry Health says they hired third-party specialists to investigate the incident. Recovering from a breach involving ransomware adds an extra burden on people across the organization as they’re called on to assess the damage, implement mitigation plans, respond to regulators and the media, reschedule patients, draft required reports, and send out notifications.
The costs associated with this particular incident may never be known. Statista estimates that as of 2023 the average cost of a data breach in the United States was $9.48 million, and it keeps going up.
It’s so frustrating, because it didn’t have to be this way. Healthcare organizations that use Blumira are detecting suspicious activity in minutes rather than days or weeks, and responding instantly even after everyone has left for the day.
Here’s How Blumira Helps
Early detection – Blumira SIEM + XDR uses advanced threat intelligence and machine learning to identify suspicious activity in real-time. Long before a disruption can occur, Blumira alerts users to the initial stages of a ransomware attack. This might include unusual network traffic, lateral movement, or attempts to exploit a vulnerability. IT teams also use decoys called honeytraps to lure and expose attackers. Fast detection means they can take immediate action to prevent ransomware from spreading and encrypting files.
Automated, intelligent incident response – As soon as a threat is detected, Blumira automatically isolates affected systems, blocks malicious traffic, and notifies responsible personnel. Every detection comes with a step-by-step playbook that takes the guesswork out of response and mitigation. Automated response and isolation gives IT and cybersecurity teams time to investigate threats before they impact operations or expose critical data.
Support and threat hunting – Blumira SIEM + XDR is a robust security solution that’s easy to set up and use. Behind the scenes, a team of experts and security professionals continuously track new threats and fine-tune detections. Blumira also supports users with a 24/7 security operations team that helps to analyze findings and advise on next steps. Healthcare companies don’t need to hire expensive consultants to implement and tune the platform, or to investigate an incident.
Compliance – In healthcare, data protection, regulatory compliance, and cybersecurity are inextricably linked. Blumira supports the administrative, physical and technical safeguards contained in the HIPAA Omnibus rule. The platform improves an organization’s overall security posture, reducing the risk of a breach or ransomware attack. Blumira also collects all the data you need for compliance audits and automates reports.
Protect Your Organization with Blumira
Clearly Cherry Health would want to be in the news for something other than a major, damaging ransomware attack. Healthcare organizations don’t make the news by detecting and thwarting attacks, and they get very little attention for going on with business as usual. That’s a good thing.
If the Cherry Health story has you up at night wondering if your organization could fall prey to a similar incident, contact us to find out how Blumira can help. We’ll get you up and running quickly so you’re confident that your people, systems, and data are protected.