Data security

Feb. 20, 2023

In this issue, we published the results of our State of the Industry survey on Laboratory Data Analytics. Thank you to all who responded to this survey. As can be seen in the results, numerous functions are managed electronically through laboratory information systems (LIS)—patient orders and lab results, patient scheduling, integration with analyzers, quality control activities, and billing, among other functions. Many of the readers of MLO work in labs that perform millions of tests each year. Suren Avunjian, LigoLab CEO, told our author, “Implementing electronic processes is vital if the lab has any significant operational volume and it is looking for efficiency to retain and keep its current customers happy, plus has plans to grow its customer base, expand its test menu, and increase throughput.”

While labs are implementing electronic processes to keep up with test volumes, maintain customer relationships, and support a strong quality assurance program, they also have to deal with cybersecurity threats. The healthcare sector is one of the industries most targeted by cybercriminals. Recently, the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a memo warning that the hacktivist group ‘KillNet’ is actively targeting the healthcare sector. KillNet is known for its distributed denial of service (DDoS) attacks, which block legitimate users from accessing information systems, devices, and networks. Healthcare organizations recently affected by this group include Cedars-Sinai, Duke University Hospital, University of Michigan Health, and Washington University School of Medicine, among others.

Healthcare organizations are also the most targeted in ransomware attacks. Per the HIPAA Journal, the cost of healthcare ransomware attacks in the United States was estimated at $21 billion in 2020. As I write this, today’s news reports that Highmark Health suffered a phishing attack that affected 300,000 individuals and their private information. Highmark discovered that one of its employees was sent a malicious link that led to their email account being compromised.

Phishing emails are one of the most prevalent ways to spread ransomware in healthcare organizations. These emails trick the reader into clicking on a link or opening an attachment that allows cybercriminals to gain access to the employee’s computer and begin the process of installing and executing the ransomware program on it.

More than 80% of data breaches involve a human in some way. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) provides the following basic guidelines for individuals’ routine technology use:

  • Think before you click: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
  • Update your software: Don't delay — if you see a software update notification, act promptly. Better yet, turn on automatic updates.
  • Use strong passwords: Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts.
  • Enable multi-factor authentication: Requiring more than a password and enabling MFA makes you significantly less likely to get hacked.
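The “think before you click” guidance above can be partly automated on the defender’s side, for example in a mail gateway or a security-awareness tool that annotates suspicious links before a user sees them. The following Python helper is an added example, not part of this column or of CISA’s guidance: it flags a link by a few of the signs that make it “look a little off” (display text that names one host while the link actually goes to another, a raw IP address as the host, punycode host labels, a non-HTTPS scheme, or a credential embedded in the URL). The sample links and host names are constructed placeholders; the heuristics are illustrative and are not a substitute for URL reputation or sandboxing.

```python
import ipaddress
from urllib.parse import urlparse


def _host(url: str) -> str:
    """Return the lowercase host name of a URL (or bare domain); '' if none."""
    if "://" not in url:
        url = "http://" + url  # bare domain in display text, e.g. "portal.lab.example"
    return (urlparse(url).hostname or "").lower()


def _looks_like_url(text: str) -> bool:
    """Display text that names a host (contains a dot, no spaces) invites comparison."""
    return "." in text and " " not in text.strip()


def link_warnings(display_text: str, href: str) -> list[str]:
    """Return human-readable warnings for one hyperlink; empty list means no red flag."""
    warnings = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()

    # 1. Plain HTTP (or an unusual scheme) on a link asking for action or credentials.
    if parsed.scheme.lower() != "https":
        warnings.append(f"non-HTTPS scheme '{parsed.scheme}'")

    # 2. A raw IP address instead of a named host is rare for legitimate portals.
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass

    # 3. Punycode labels (xn--) can hide look-alike characters in the host name.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("internationalized (punycode) host label")

    # 4. A user name before '@' makes the text left of '@' look like the destination.
    if parsed.username is not None:
        warnings.append("userinfo '@' in URL authority")

    # 5. The visible text names one host but the link resolves to another.
    if _looks_like_url(display_text):
        shown = _host(display_text)
        if shown and shown != host:
            warnings.append(
                f"display text points to '{shown}' but link goes to '{host}'"
            )
    return warnings


def triage(links: list[tuple[str, str]]) -> list[tuple[str, str, list[str]]]:
    """Annotate a batch of (display_text, href) pairs, as a gateway or mail client might."""
    return [(text, href, link_warnings(text, href)) for text, href in links]


# Constructed sample links (placeholder hosts under .example), not real messages.
SAMPLE_LINKS = [
    ("Review your lab results", "https://portal.example-lab.example/results"),
    ("https://portal.example-lab.example",
     "http://portal.example-lab.example.evil.example/login"),
    ("click here", "http://192.0.2.10/update"),
    ("Reset password", "https://secure@login.example/reset"),
]

if __name__ == "__main__":
    for text, href, found in triage(SAMPLE_LINKS):
        status = "OK " if not found else "WARN"
        print(f"[{status}] '{text}' -> {href}")
        for w in found:
            print(f"        - {w}")
```

Heuristic 5 is the one that catches the classic phishing pattern of an anchor whose visible text is a trustworthy-looking URL; the other checks are cheap signals that are worth surfacing to the user rather than blocking on, since legitimate internal tools do sometimes use IP addresses or plain HTTP.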

I welcome your comments and questions — please send them to me at [email protected].