Issue link: https://nebusinessmedia.uberflip.com/i/1430606
wbjournal.com | November 22, 2021 | Worcester Business Journal 19 tech and cybersecurity company InfoSec Institute. Meanwhile, personal health information, like medical conditions or insurance settlements, sells for well over $300. Personal health information is more valuable because it can't be changed the way a credit card can, and criminals can use it to target victims with scams or fake insurance claims. Along with the appeal of health information, the pandemic has made healthcare organizations more vulnerable, as evidenced by DHHS's report showing almost every month last year had more than 1 million patients affected by hacks. e significant uptick in telehealth utilization, as well as more remotely working employees, has made the sector even more reliant on online services. Adding on staffing shortages, which have been particularly acute in the Central Massachusetts healthcare system, busi- nesses are struggling to both prevent and recover from attacks. "Identifying specifically which patient records were affected and which fields were available is very time consuming, and therefore costly," Forman said, refer- ring to the nearly seven-month process of determining which patients' records might have been accessed. UMass hired outside counsel and a forensic firm to help with the process. Forman said his team was working on introducing multi-factor authentication across the UMass Health system when the hack happened. Multi-factor authen- tication would have completely blocked the breach, he said, but its implementa- tion into the email system arrived about two weeks late. "We're looking to hire additional people," said Forman. "It's tough to find good people. ere's definitely a dearth of qualified cybersecurity professionals that are there in the marketplace." Forman said it's a matter of time for health care to catch up on cybersecurity. Multi-factor authentication is now fully implemented at UMass, which he said will be a silver bullet for avoiding similar attacks going forward. "Health care is probably behind an industry like the financial industry that's been regulated for a longer time, but it's catching up," said Forman. PEACE OF MIND SPONSORS Atlantic Charter Insurance/Sallop Berkshire Bank Celtic Consulting Central Security CLA (CliftonLarsonAllen LLP) Commercial Drywall & Construction Co. Inc./Commercial Pro Painting LLC Favulli Electric Garabedian Plumbing & Heating, Inc. ProCare LTC Pharmacy Superior Contracting Services, LLC Webster Five Ziegler NOTRE DAME HEALTH CARE 2021 EDUCATIONAL FORUM THANK YOU! To our sponsors for their generous support! PRESENTING SPONSOR PRODUCTION SPONSOR PARTNER IN CARE SPONSORS MEDIA SPONSORS The Catholic Free Press Worcester Business Journal WICN Public Radio FLOURISHING SPONSORS Fallon Health Mintz Risk Strategies Company SUPPORTING SPONSORS Avidia Bank Sisters of Notre Dame de Namur, US East-West Province notredamehealthcare.org We are also grateful to all of our contributors who made our 2021 Virtual Educational Forum a success. To learn how you can help support our mission, please contact Paige Thayer at pthayer@notredame healthcare.org or (508) 852-5800 x2509. could have been hours or days, said UMass's Chief Information Securi- ty Officer Bruce Forman. While the attackers didn't ask for a ransom, they had access to emails with information including insurance data, personal health information, and social security numbers. Similar information was exposed during ReproSource's attack on its network system, which lasted less than two days. Bruce Forman, chief information security officer at UMass Memorial Health Why healthcare is at risk e financial sector has topped the list as attackers' favorite, but health care may be giving it a run for its money. When they're not directly extorting money through ransomware or wire transfer phishing emails, cybercriminals can sell information to make money. Personally identifiable information, such as a credit card or social security number, sells for around $1 to $2 on the black market, according to Wisconsin UMass said it implemented multi-factor authentication, which will protect its digital systems from similar attacks going forward. *Still under investigation Source: U.S. Department of Health and Human Services Office of Civil Rights ReproSource Fertility Diagnostics, Inc.* Marlborough 350,000 10/08/2021 UMass Memorial Health Care, Inc.* Worcester 209,048 10/15/2021 UMass Memorial Medical Center Worcester 87,404 09/14/2020 Spectrum Health Systems, Inc. Worcester 14,750 10/20/2011 Community Healthlink Worcester 4,598 06/17/2019 Harrington Physician Services* Multiple locations 4,393 04/08/2021 Worcester Eye Consultants Worcester 2,634 06/07/2019 UMass Memorial Medical Center Worcester 2,387 05/05/2014 Adult & Pediatric Dermatology, PC Worcester 2,200 10/07/2011 Insulet Corp. Acton 1,469 10/17/2017 Family Health Center of Worcester Worcester 566 12/04/2020 Insulet Corp. Acton 506 04/29/2021 Leominster Dermatology LLP Leominster 500 09/13/2018 Baystate Family Dental, Inc. Worcester 500 05/04/2018 Individuals Breach Name Location affected submission date Cyber attacks reported by companies based in Central Mass. W H E A L T H C A R E F O C U S