Issue link: https://nebusinessmedia.uberflip.com/i/1430606
18 Worcester Business Journal | November 22, 2021 | wbjournal.com Insecure Aer two record- breaking cyberattacks, Central Massachusetts health care is facing an unprecedented threat BY KATHERINE HAMILTON WBJ Staff Writer I n October, two Central Massachu- setts companies reported cyber attacks, which broke the record for the largest-ever hacks on healthcare organizations recorded in the state. ReproSource, Inc., a fertility clinic in Marlborough, and UMass Memorial Health in Worcester experienced cyber breaches impacting 350,000 and 209,000 patients, respectively. Both organizations discovered the hacks in August and reported them in October, according to their individual releases. Until then, Massachusetts' largest cyber attack on a healthcare facility victimized less than 177,000 patients at Lawrence General Hospital, accord- ing to reports listed by the U.S. Department of Health and Human Services' Office for Civil Rights, which tracks these breaches. e healthcare industry has become an increasingly ap- pealing target to cybercriminals since last year, with Forbes reporting a 42% jump in healthcare breaches in 2020. As it muddles through workforce and resource shortages, Central Massachu- setts health care is facing an unprece- dented rise in cyber threats. A new look for cybercrime Cybercrime is ever-evolving, said Mike Mosher, director of technology at Worcester-based Cinch I.T., Inc. As busi- nesses build their defenses, hackers adapt to new methods of extorting money and information. Hackers are "making more money every year. ey evolve with the times," Mosher said. "ey're getting much more sophisticated." One of the areas Mosher has seen a huge change is hackers' abilities to send believable spam emails. Cybercriminals will break into a company's email ac- count and pick up the internal language of the organization. "Ten years ago, every spam email was poorly formatted, but we've seen with some businesses' email compromises, they get in and just watch the emails for a couple months," Mosher said. Once they understand the lingo, attackers can write a well-veiled spam email asking for sensitive information or requesting a monetary wire transfer. To most employees, the message will appear to authentically come from a higher-up. At UMass Memorial, hackers had ac- cess to employee email accounts between June 2020 and January 2021 for what Mike Mosher, technology director at Cinch I.T. UMass Memorial Health in Worcester had to hire outside teams to conduct a seven-month investigation of its 2020 cyber attack, which was discovered in August. UMass Memorial Health workers train on the Epic electronic medical records system, which was implemented in 2017. F O C U S H E A L T H C A R E PHOTO/EDDCOTE PHOTO/GRANT WELKER