[BreachExchange] Opioid addiction network stalls under cyberattack

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Dec 16 09:28:34 EST 2021


https://www.digitaljournal.com/tech-science/opioid-addiction-network-stalls-under-cyberattack/article

A major health advocacy group in the U.S., an opioid treatment network
called the Behavioral Health Group (BHG), has suffered a cyberattack. The
extent of the cyberattack was so severe that it caused a week-long
disruption of IT systems and patient care.

The computer outage led to issues at several clinics, as patients were
unable to receive their prescriptions. BHG has not disclosed the nature of
the incident, however it is believed to be caused by a ransomware attack.

Some patients said that their clinics could not provide their usually
prescribed medicine. This was due to the computers being down and
pharmacists not being able to print prescription labels.

Looking into this latest cybersecurity incident (and yet another one to
behalf the beleaguered U.S. healthcare system) for Digital Journal is Josh
Rickard, Security Automation Architect at Swimlane.

Rickard begins by assessing the reasons why healthcare is so often in the
cybersecurity spotlight, which relates to the valuable stream of patient
data that can be extracted. Rickard also considers the impact, noting:
“When cyberattacks take place within healthcare organizations, victims have
not only potentially exposed data to consider, but also the general
wellbeing and quality of life as they pertain to those affected.”

The severity of the attack meant that: “In this case, the cyberattack led
to nearly a week-long upset of BHG’s IT databases that are directly
responsible for patient care. At several clinics, patients were unable to
obtain their prescriptions of methadone and suboxone, which are used to
treat narcotics addiction.”

This leads Rickard to strongly suggests that: “When it comes to the
healthcare system, it is essential that cybersecurity remains top of mind
to prevent attacks like the one on Behavioral Health Group from occurring.”

In terms of preventative measures, often a root-and-branch overview is
required. In this context, Rickard recommends: “To ensure that health group
patients, especially those dealing with addiction, are properly taken care
of and able to receive the help they need, organizations such as BHG must
implement the proper cybersecurity controls to guarantee that IT systems
remain up and running.”

Furthermore, Rickard suggests: “By leveraging the power of low-code
security automation, healthcare companies can detect and respond to threats
in real time without the chance of human error, ultimately upholding their
duty to provide the highest level of patient care.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211216/24dae122/attachment.html>


More information about the BreachExchange mailing list