Health Systems' Strategies for Digital and Catastrophic Emergencies: Preparing for the Unforeseen Adversities

In a significant cyber incident, Memorial Hermann Health System in Houston faced a ransomware attack that took down 1,300 servers within a 15-minute span. The attack, believed to have originated from a phishing email sent by a homeowners association, occurred in October 2020.

Despite the widespread disruption, the health system's critical services, such as radiation oncology treatment, continued by using an isolated interim environment. This resilience was a testament to the health system's preparedness and the importance of having contingency plans in place.

Prior to the attack, Memorial Hermann had been conducting ransomware exercises since 2018 to evaluate extended downtime procedures. Adam Lee, the director for emergency management and organisational resilience at Memorial Hermann, led a two-year effort to map critical processes across departments for 30-day operation sustainability.

Traditional disaster recovery plans, which assume quick restoration from backups and resumption of operations, proved inadequate during the ransomware attack. Instead, the health system had to replace 5,500 compromised endpoints and implement new security tools to secure their system and understand the attack.

New tools such as CrowdStrike's Falcon EDR platform, Rubrik's immutable backups, and Zscaler for cloud-based security visibility were implemented during the crisis. These tools provided the necessary visibility and control to manage the attack and secure the system.

The health system's Epic electronic health record system was offline for four weeks due to the attack. During this time, paper-based workarounds proved inadequate, highlighting the importance of digital infrastructure in healthcare environments.

Denial-of-Service attacks, like the one Memorial Hermann faced, can cause major problems in healthcare environments, where technology is crucial for patient care. As technology continues to evolve, so too do cyber threats. Ransomware, in particular, has shown a significant evolution and is expected to continue.

Cybersecurity expert Kim emphasises the need for a change in thinking and processes as we immerse ourselves further into virtuality. He warns healthcare leaders to watch out for insider threats, ransomware, denial-of-service attacks, and social engineering as top cyber threats. Social engineering, with the rise of deepfakes, is a growing concern.

Meanwhile, the University of Vermont Health Network's nonclinical workforce shifted to remote work during the COVID-19 pandemic. This shift, while necessary, further highlighted the importance of robust cybersecurity measures in the digital age.

In the aftermath of the attack, Memorial Hermann continues to strengthen its cybersecurity measures to protect against future threats and ensure the continuity of its critical services. The health system's resilience during the ransomware attack serves as a valuable lesson for other healthcare organisations facing similar threats.

Health Systems' Strategies for Digital and Catastrophic Emergencies: Preparing for the Unforeseen Adversities