In late September 2024, the UMC Health System in Lubbock, Texas, suffered a ransomware attack that greatly affected its IT infrastructure. The attack forced the health system to divert ambulances and patients to other hospitals as its systems were offline. With UMC being the only Level 1 trauma center within 400 miles, the attack has shown the implications of cyber threats on healthcare services.
Details of the Ransomware Attack and its Impact
The ransomware incident began on September 26th, causing a complete shutdown of the UMC Health System’s IT network. Due to this disruption, emergency and non-emergency patients arriving via ambulance had to be redirected to alternative facilities. Clinics and some outpatient services remained operational but had to resort to downtime procedures, including a shift to manual record-keeping and reliance on paper prescriptions and patient histories. One of the most challenging aspects of this incident was the system’s inability to access medical data. Radiology services were impacted across multiple clinics, making it difficult for healthcare providers to deliver timely diagnoses and treatments. Patients were also told to bring physical copies of their medical records and prescriptions.
Response and Mitigation Efforts
UMC Health System quickly engaged third-party cybersecurity experts to assist in the investigation and remediation of the attack. As of September 30th, the health system had restored partial functionality, resuming some emergency patient services. Due to ongoing recovery efforts, it continued to divert specific cases to ensure that patients received the appropriate level of care without risking further disruptions from the ransomware incident. The health system has attempted to offer full transparency throughout the crisis, providing updates to the public regarding the ongoing status of the attack and system restoration. They have prioritized patient safety by using an approach in which they accept only patients they are fully equipped to handle.
Ransomware Trends in Healthcare
The attack on UMC Health System is a troubling trend in the healthcare sector, where hospitals and healthcare providers are increasingly targeted by ransomware groups. These cybercriminals exploit the nature of healthcare services, knowing that institutions are more likely to pay ransoms to regain access to their systems swiftly. The rise of double-extortion ransomware, where attackers both encrypt data and threaten to leak patient information, adds pressure on healthcare providers to comply with demands.For hospitals like UMC, the risks are not solely financial, as a ransomware attack can have consequences on patient safety, continuity of care, and result in life-threatening situations.
Preventative Measures
To lessen the risks of such attacks, healthcare organizations are told to implement a detailed approach to cybersecurity. This includes regular data backups, encryption, network segmentation, and monitoring for unusual activity. Regular staff training on recognizing phishing attempts, which are the first vector for ransomware, is important in preventing successful attacks. Full Industry efforts are also underway to strengthen cybersecurity in healthcare. A recent legislative proposal seeks to allocate funds for improving hospital cybersecurity, mandating the adoption of minimum cybersecurity standards and requiring stress tests to assess systems’ ability to recover from incidents.
UMC Health System’s ransomware attack proves that healthcare institutions are open to cyber dangers in 2024. Hospitals and health systems should be proactive with mitigation strategies to protect their patients data and provide adequate patient care.
