Cybersecurity is a key focus for Vermont’s system of non-profit hospitals, which gathered last week with experts to discuss threats and mitigation efforts in response to increased cyberterrorism activity across the globe. Hospital leaders in attendance included CEOs, chief medical officers, chief information officers, communications experts, emergency department leaders and others. The group, convened by the Vermont Association of Hospitals and Health Systems (VAHHS), featured John Riggi, senior advisor for cybersecurity and risk for the American Hospital Association and a highly decorated FBI veteran, and Samantha Baltzersen, the Federal Bureau of Investigation’s cyber squad supervisor at its Albany headquarters. It is the third meeting of its kind since 2019 and is designed to share information, best practices and critical resources for hospitals large and small to manage cyber threats, which are increasing in frequency and sophistication, according to a news release May 12.
Hospitals not only have to contend with threats directed at their organizations, systems and equipment, but also attacks against business partners and third-party vendors. Hospitals verify that these vendors are compliant with the law and data security best practices, but these companies can also be victims of data security breaches.
One such vendor, CaptureRx, a Texas-based company that contracts with hospitals and pharmacies, including many of our Vermont hospitals, announced a breach recently. CaptureRx will be notifying all impacted individuals in all 50 states by mail in the coming weeks. Patients should wait to receive a letter to know if they have been affected. If a patient receives a letter and has questions, they can call the CaptureRx service line at (855) 654-0919 toll free, Monday-Friday, 9 a.m.-9 p.m. EST.
“Hospitals here in Vermont are investing significant human and financial resources to shore up systems to protect against attacks that not only lead to the exposure of personal information, but also to disruptions in care, which can have devastating consequences,” said Jeff Tieman, president and CEO of VAHHS. “We are determined to keep up the fight to ensure Vermonters are protected and when breaches do happen, that they are provided information and resources to safeguard themselves and their families. This work is made more difficult as cyber-attacks are more prevalent than ever before.”
Hospitals and health care vendors are not the only targets. Just this week, the Colonial Pipeline, a 5,500-mile-long pipeline that carries oil from Houston to New York, was disrupted by a ransomware attack, causing fears of gasoline shortages. And in Washington, DC, the police department has also been attacked, and criminals are threatening to release information that could put lives at risk. According to the New York Times, it is the 26th government agency to be hit since the start of the year.
“You may read about cyberattacks on large organizations and think that won’t happen here in Vermont, but we know it has, and it will again. The result is that our ability to effectively take care of our patients can be impacted, and that’s what keeps me up at night,” said Kate Pierce, chief information officer and chief information security officer, North Country Hospital. “We take the security of our patients’ health information very seriously and every reasonable precaution is in place to protect it. If a breach occurs, there are carefully designed plans for immediate response to minimize impacts and speed recovery.”
Tieman also stressed that there is a role for all of us to play in protecting our organizations from attack.
“Many of these attacks begin with phishing emails to staff who unwittingly open attachments, click links or forward sensitive information that appears to be from a colleague,” he noted. “It’s critical that we all be more careful and do our part. For our part at VAHHS, we’ll continue to keep this issue top of mind and provide leaders with the latest tools and information.”