Case Study: Hospital Network Avoids Debilitating Cyberattack at the Height of Global Pandemic

During the height of the global pandemic brought on by the aggressive spread of COVID-19, a leading hospital and healthcare network based in the Northeast was in search of a vCISO (Virtual Chief Information Security Officer) to fill a position on their information technology (IT) team. During this time, the organization was also in the beginning stages of the due diligence process as part of a potential merger with a similarly sized healthcare system.

The organization’s leadership was familiar with Withum from the current services the firm was already providing. Therefore, they were confident that Withum’s Cyber and Information Security Services Group (“Withum Team”) would provide the level of service and expertise required.

Hospital Network IT Challenges

The hospital faced two challenges prior to bringing on Withum to fill the vCISO role:

  • There was no dedicated Chief Information Security Officer (CISO) in place. The IT Team had someone acting in this role; however, this individual was also responsible for other duties within the organization. This limited the organization’s ability to be fully immersed in each aspect of its IT infrastructure.
  • The Compliance and IT Departments lacked a sound understanding of what each team does. These two departments should provide a checks-and-balances system to ensure that things are done accurately. However, Compliance lacked the full knowledge of what IT could deliver, and IT provided what it understood Compliance to be requesting.

Healthcare Network Cyber and Information Security Vulnerabilities

Taking on the vCISO role, Withum’s Team was able to assess the security infrastructure, identify control gaps, and shift the perspective of what is truly necessary to protect an organization of this size that stores so much patient PII (Personally Identifiable Information).

During the IT infrastructure assessment, Withum’s Team completed a series of standard tests, which resulted in the detection of a phishing attack launched during the pandemic’s height. This cyberattack hit when the healthcare system was most vulnerable – hospital resources were limited, tension was high, and patient care was of the highest priority.

Results from penetration testing, threat emulation, and cyber forensics revealed an incident response was imperative to protect the hospital system’s livelihood and the patients it served.

Healthcare systems are proven to be prime targets of cyber threats. Denial of access to time-sensitive patient data and hacked lifesaving medical equipment are possible results of a cyber-kinetic attack, which causes direct and indirect physical injury and loss of life. As the average cost of a typical cyber breach hovers near $8.9M, the potential loss for the healthcare system during this time would have been astronomical, both financially and reputationally, through potential class-action lawsuits, regulatory violations and sanctions for loss of life.

Healthcare Network Cyber and Information Security Services Approach

Withum addressed each red flag within the organization’s IT and IT security framework due to the extensive background and experience of the Cyber and Information Security Services Group. To best solve the needs of the healthcare system, Withum’s Team divided the incident into four project phases:

  • Identification
  • Response
  • Mitigation
  • Solution

Phase I – Identification of Hospital Cyber Threat

The Withum Team performed a cyber forensic investigation. The cyber forensic specialist was able to trace and link the phishing email to its origin, a country in the Middle East, an area known to engage in cyberattacks against U.S. critical infrastructure, including healthcare. The email entered the hospital’s IT system through a trusted source, a third-party vendor the organization uses to fulfill nursing staffing needs. Withum’s cyber specialists identified that the attackers were attempting to expand the initial point of compromise surreptitiously and aggressively into other hospital accounts and systems. The attackers knew they could utilize the nursing supplier’s relationship with the hospital, the hospital’s own systems and networks, and the distractions of a pandemic crisis against the healthcare provider.

Phase II – Response to Hospital Cyber Threat

Next, Withum’s Cyber and Information Security Services Group isolated the incident and compartmentalized the onset of intrusion. Withum’s Team identified the hospital’s legal counsel and law enforcement agencies as appropriate to ensure proper reporting, responses and actions took place.

Phase III – Mitigation of Hospital Cyber Threat

To properly understand the extent of vulnerability within the healthcare network, Withum performed an in-depth penetration test, which included safely mimicking external hackers in an attempt to compromise the hospital’s networks and systems. The Withum security testing revealed severe areas of weakness within the hospital’s infrastructure. Withum’s Team was able to take complete control of the IT environment, undetected, within a few hours. It’s important to consider that hackers with an intent to cause harm, with the same level of control gained by the Withum team, could have severely impacted the hospital’s patient care.

Phase IV – Solution to Hospital Cyber Threat

The cyber team deployed two computer devices to deliver real-time protection to the healthcare system in the future. The devices provide intelligent identification, scanning, probing and mapping of an organization’s network(s) devices and vulnerabilities.

Health Network Benefits of Proper Cybersecurity Assessment

The healthcare organization now receives real-time active and passive cybersecurity monitoring, alerts, auditing, incident response, cyber forensics and reporting to a secure, personalized account through Withum’s 24/7/365 Security Operations Center.

Withum’s Cyber and Information Security Services Group also identified areas of vulnerability and improvement for the third-party nursing staffing company, which resulted in strengthened IT processes and procedures for sharing information between companies.

Withum’s Team was able to create more value for the hospital and healthcare network as it moved forward in the merger process with a neighboring health system. Its IT infrastructure now creates greater confidence in the security of future patients’ PII.

