In today’s blog, cyber experts are going to go over a healthcare organization that was impacted by a cyber-attack. These experts are seeing this more and more in the healthcare world, and Xact I.T. is going to explain why this is important, why it should be a concern for a lot of people, and really why cyber criminals like to target companies that have things like protected health information. So, without further ado, let's get into it.
On May 4th 2022, Omnicell, a healthcare technology company revealed in a filing with the United States Securities and Exchange Commission that they recently fell victim to a ransomware attack. Omnicell is a multinational company that manufacture systems for automated medication management at healthcare facilities, as well as patient engagement software for pharmacies. When people hear this it might sound like they have patient information within their software, which is really, really not good. In its latest form on the 10-Q filing with the SEC, the company noted that some of its internal systems were impacted by a ransomware attack. Some interesting things are going on here, number one, PHI information, private health information is gold to a cybercriminal. What they can do with that, how much they can resell that for on the dark web, they get a pretty penny for that kind of stuff, depending on the validity of it and how much they get of it.
Meanwhile, the reality of it is you don't want that information out there on the dark web and floating around being freely traded. So that's why these kinds of companies are highly targeted and they should have really, really strong cyber defenses in place when they're dealing with this kind of stuff. The other thing is, this is a publicly traded company and publicly traded companies, they're really going to have to prove themselves when it comes to cyber security over the next couple months. What cyber experts mean by this is that the SEC is going to be requiring that publicly traded companies have a cyber security readout to their boards that are submitted with their quarterly filings which is a pretty big deal because this has never had to happen before. Xact I.T. has been a big advocate for a long time of cybersecurity being in the board room and not in the IT room.
It's been far too long before CEOs and business leaders are including cyber security experts and professionals in C-level type meetings and understanding what their threats are. Also, there was a bottom-up approach to this, where they were trying to get CEOs and other people to understand the importance of this. Thinking maybe they would take this stuff to the board but unfortunately that's not happening quick enough. So, the government's kind of taking things into their own hand and the SEC is saying like, "Look, the board has to get this information from somebody. They have to understand the threat landscape that is in front of them when it comes to cyber-attacks, cyber criminals, cyber gangs, they have to understand this stuff." As well as what the specific threats are in their industry, to their company.
These are all things that these cyber security readouts will provide boards and boards of directors, the people that sit on these boards. So they start to get an understanding of "Man, we're not doing enough. We need to dedicate more money to cyber security." Which inevitably is going to happen here and our CEO is, or isn't doing a good job with cyber security and evaluate the people on the staff. Quite frankly, is their IT department and the people in charge of their IT, their CIO, are they doing a good job? These are all things that these readouts hope to bring to light because a lot of this stuff gets swept under the rug. CIOs don't want to admit that they might or might not be doing a good job, or they might not be doing something. While then it never gets talked about and boom, they get hit with ransomware attacks.
All in all, this is what people should take away from this Omnicell healthcare technology company's ransomware attack, is that obviously they were hit with ransomware. There's a million ways that you can prevent it. You can go watch this You-Tube channel and learn all the different ways or most importantly, publicly traded companies, you've been put on notice, you must do something about cybersecurity or the SEC is going to come down hard on you and everybody. In the very near future, in a publicly traded company, your board will have to submit a quarterly filing to the SEC, detailing what you've been told about cybersecurity and not being told is not an option anymore.
So, if you have any questions about this drop them in the comments or go to our website, send us a message on our contact form. All the links to get in touch with Xact I.T. Solutions are on our website. We can help these publicly traded companies in a professional and timely fashion.