PROVIDENCE, R.I. (WPRI) ─ As Rhode Island’s second-biggest hospital group works to mitigate an apparent attack on its computer system, an information security expert tells Eyewitness News it’s not the only health care provider being targeted by criminals during the coronavirus pandemic.
Nicholas Tella, director of information security at Johnson & Wales University, said the outbreak has made hospitals easy prey for cyber criminals.
“Hospitals have been targeted especially because of the COVID crisis because there is so much going on, so much information being passed back and forth,” Tella said. “Chaotic times are being taken advantage of by cyber criminals.”
Care New England owns Women & Infants, Kent and Butler hospitals, and is also one of the state’s largest employers.
In a statement Wednesday, Care New England President and CEO Dr. James Fanale said a forensic investigation had so far “not found any evidence indicating that this incident has resulted in any unauthorized access to patient information.”
Fanale said despite having to shut their computer system down completely, patient care has been minimally disrupted, though a spokesperson confirmed radiology and chemotherapy services have been affected. Employees have transferred over to paper systems for the time being.
“CNE will continue to provide patient care as we address this incident,” Fanale said. “As always, patient care and safety is our priority. We will keep our partners updated as the investigation continues and as we work to restore access to affected systems.”
Tella said while a data breach would be worth big money to cyber criminals, it isn’t nearly as bad as what he thinks has occurred.
“If it’s a data security incident where operations were disrupted by ransomware, that’s even more devastating, because that could affect patients and their care,” he explained.
At this point, Tella said the cyber criminals have likely already moved on to their next target, meaning employees, patients and other hospitals should be on high alert.
“The most vulnerable part of a network is the people,” Tella said. “It’s not some sophisticated, technical way that they hack you. They always focus on us, the end user, who’s always the weakest link.”
Tella said cyber criminals are likely to attack organizations through phishing scams such as emails that contain links or files.
He said just one person clicking on a link will effect the entire workplace network, and based on the information available, this is likely the case with Care New England.