Tenet Healthcare Suffers A Cyber Attack

Tenet Healthcare Suffers A Cyber Attack

Today, we're going to get into two cyber-attacks on two healthcare, very large healthcare, entities. One of those is Tenet Healthcare. The other one's the American Dental Association. I'm going to let you know what happened on the other side, so let's get into it.

Tenet Healthcare, is one of the largest healthcare providers in the United States based out of Dallas, Texas. They released a press release stating that they are dealing with a cyber-attack as of last week. Cyber experts are starting to see a number of increases on top of increases around cyber-attacks that happen to companies, and here we have a large company. There are hundreds of small companies under attack right now. Let's remember that.

Tenet Healthcare is back to pen and paper, like all hospitals do investigating a cyber-attack. They shut down their systems as a precaution to try to remove or stop anybody from getting any further access to their systems. Experts don't have a lot of details on this, but we know that healthcare is a big target for cyber criminals. Large organizations like this that run multiple healthcare facilities are prime targets. They have a ton of endpoints, a number of computers that can be infected with something like ransomware and can cause the hackers to demand a huge amount of money to get your files back, get them unlocked, get operational again. You also have a treasure trove of data.

These groups like LAPSUS$ and other hacking groups, they care more about the data and what they can do with that after they get their hands on it, who they can sell it to, who they can extort with it, than what they can do about deploying ransomware. The cyber criminals have kind of figured out at this point that they don't need ransomware to get companies to pay them. If you steal data that's important enough, that data that should be protected, you're going to end up having to pay or you're going to end up trying to have to make a decision around, "Oh, is that the better option here than maybe option A, B or C?" Just paying these guys off to get them to go away. Cyber experts don’t recommend doing that in any sort of way.

Yet once you see it boiled down, as you see companies go through these ransomware events and the numbers start to add up, what has to be done starts to add up, the number that the cyber criminals throw at you initially starts to make a little bit of sense. It starts to say, "Hmm, well, $300,000," experts are not saying that's the number here with Tenet. Although, if you're a business owner and you do have access to $300,000 in cash and options A, B and C are going to cost you more than that, sometimes you need to consider these things, even though you shouldn't, because that's what makes the most business sense to do.

Unfortunately, you're dealing with smarter and smarter cyber criminals every day who get more experience with these types of attacks, know what they can and what they can't get away with and they know what number to come in with initially to try to get their most bang for the buck and they know where the floor is. Cyber criminals know what they're absolutely going to take as a minimum payment because they know your company and they know what you can afford. Couple that with maybe some ransomware insurance policies in place and these cyber criminals come at you with a lot of leverage.

Thus, this is another hospital organization here that has fell victim to a cyber-attack. Experts at this time don't know if it's ransomware. While, assuming that it is one that they had shut things down, but they are working with their doctor, their hospital staff, on making sure patient care gets delivered, but it is on pen and paper and using backup methodologies which nobody likes to do in any job when you're so reliant and dependent on technology. We have them being down.

Another medical practice is having the same problem with cybersecurity, American Dental Association, who is reeling from a cyber-attack. They have revealed on Friday, that they suffered a cyber-attack and they've been forced to take many of their systems offline. The ADA is coming out and saying that they are experiencing technical difficulties.

In the video, Xact shows an ad for HIPAA Compliance Checklist. A lot of these companies and a lot of these healthcare organizations, and if you're involved in healthcare, you're not afraid of HIPAA. Unfortunately, it takes events like this for HIPAA to get involved. HIPAA is very busy investigating breaches like ransomware attacks across thousands of organizations involved in healthcare. It's very hard for them to keep up, but these things rear their ugly head after the event, what we call right of boom.

This is why companies need to start paying attention to this stuff today. You need to, number one, step number one is have somebody come in and assess your environment, tell you where you stand today, where you can be cyber attacked and start to prioritize those things from top to bottom. Get the most important things out of the way first. A lot of companies don't do a good job with things like network segregation, two factor authentication, password hygiene or password managers, security and awareness training. These are things that should be at the top of the list, should be things that you put in place fairly easily, fairly simply, and they do a lot for cyber security and preventing attacks like this from happening.

The healthcare industry has been on alert for a long time for these things and there's no end in sight. Make sure you have the right team in place. Make sure you have enough resources in place for your size organization. These organizations are very large organizations, probably have to deal with HIPAA in some way, shape or form, and they need to do a better job of securing their networks. These are the things that are going to happen, large, small, medium, it doesn't matter. These cyber criminals want your data. They want to extort you for having it in their possession and that's the name of the game today.

In all, ransomware is almost dead, although it's a very effective tool. It's no longer needed by criminals to extort you for money, to cause a breach, to cause you to break violations, to break compliance regulations and potentially break walls, because you weren't doing enough to secure the data that you're entrusted to secure by your customers, by your patients.