Experts: cybersecurity threats against Pa. hospitals intensifying

Top Stories

HARRISBURG, Pa. (WHTM) — The technology company Check Point has released new data, saying that in the last three months, ransomware attacks in the U.S. have increased by 98%.

Health care institutions are suffering from increased vulnerability during the pandemic and have become the most-attacked sector in the country.

The recent notable cybersecurity attacks in the Commonwealth have been againt Meadville Medical Center and Universal Health Services.

But experts at Information Network Associates say hospitals are under attack right in our backyard.

“I know those attacks are happening here in Pennsvylania,” said John Sancenito, president of Information Network Associates. “Local hospitals are dealing with these cyber issues.”

Criminals are going after a large number of patient records in consolidated databases.

Their goal is to resell information, including banking accounts, or hold records hostage, until they get a payout.

“If that data is unavailable to them, meaning it’s been encripted by a ransomware attack, they’re more likely to pay to get that information back because they need it immediately,” said Sancentio.

ABC27 reached out to local health care systems and asked if the’ve experienced cyber threats or attacks.

Penn State Health did not comment.

Geisinger Holy Spirit and WellSpan both specified they haven’t been the victim of ransomware attacks, while the rest chose not to answer directly.

UPMC Pinnacle said it’s implemented “technologies and processes—including training for all employees–to help thwart such efforts.”

Penn Medicine told us it doesn’t disclose cybersecurity measures taken on an ongoing basis, but said it does “maintain a constant state of readiness that’s focused on protecting the health, safety and privacy of our patients.”

Geisinger Holy Spirit added it’s continually gathering intelligence that helps prepare for potential attacks, and WellSpan health said its team is focused on prevention tactics.

“You can have all the greatest cybersecurity measures in the world, but if someone clicks on an attachment, or if somebody downloads a file, or if somebody connects a device to a computer, they can bypass all those measures,” said Sancenito.

During the pandemic, many IT system upgrades weren’t completed and improvement projects were put on hold.

So, while hospitals were under attack before, those efforts have intensified.

More people are working at home, often meaning there are less safeguards are in place.

“They may be working off of unsecured networks,” said Sancenito. “They may be transferring files differently than what they did before, using email and other things.”

The Hospital Association of Pennsylvania tells us it utilizes national resources to work with hospitals.


Experts say the weakest link in the cybersecurity chain is the person.

Sancenito says a lot of people are attacked without even knowing it, so it’s important to educate yourself on which attacks are happening the most.

There are a lot of resources, like the website

All you do is put in your email, and no other personal data, and it tells you if your email has ever been compromised.

The key is: once you know you’ve been breached, change your password and use different passwords for different accounts.

In this video, Sancenito discusses three things businesses can do to prepare themselves for threats:

Information Network Associates says one of the latest ransomware variances is called Ryuk, and it’s hitting a lot of schools, health care institutions and private businesses.

Copyright 2020 Nexstar Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Top Stories

More Top Stories

Latest Videos

More Local

Don't Miss