Connect with us

Health & Wellness

Brookdale Hospital Serves Patients Despite Challenging Circumstances

One Brooklyn Health Computers Taken Offline Due to Suspected Ransomware Attack

By Mary Alice Miller      
One Brooklyn Health is experiencing a suspected malware attack that has left patient records inaccessible.
One Brooklyn Health, a collaboration between Brookdale Hospital Medical Center, Interfaith Medical Center, and Kingsbrook Jewish Medical Center, took their computer workstations offline on November 19. For the past several weeks, medical staff has reverted to generating patient medical records via pen and paper.
Days after the cyber interruption began, One Brooklyn chief executive officer LaRay Brown released a statement that revealed the hospitals were experiencing a network disruption. “Immediately upon discovering the incident, we took certain systems offline to contain the disruption,” Brown said in the statement. “Our IT team is continuing to work diligently with the support of third-party advisors to ensure that our systems are brought back online as quickly and safely as possible and in a way that prioritizes patient care.”


Brookdale Hospital, located in high-poverty Brownsville, has persevered in providing high-quality health care despite not having access to patient records on the internet.
Because some patient interactions took place offline, Brookdale maintained contact with patients, reminding them of appointments and serving walk-ins. Patients who bring empty prescription bottles to the hospital can get refills of needed medicines. Patients given written prescriptions are told they must take their prescriptions to pharmacies outside One Brooklyn Health. Scheduled and emergency surgeries are taking place as usual, except patient records are generated in paper charts. Patient counseling that would take place via Zoom is being done over the phone.


“I am very concerned about the apparent cybersecurity attack at One Brooklyn Health, a network that includes Brookdale Medical Center, Interfaith Medical Center, and Kingsbrook Jewish Medical Center,” said assemblywoman Latrice Walker. “My first concern, of course, is for the health and safety of the patients since the outage affects the staff’s ability to access medical records, process patient prescriptions and lab results that are critical to patient care. “It is my understanding that law enforcement has been notified. I will be monitoring this situation very closely.”
Brookdale has a history of using best practices to protect its computer systems from attack. The hospital’s 1,700 employees receive monthly training to remind them to watch out for phishing emails. The reminders are ongoing, said one employee who was not authorized to speak. “Some staff is mandated for additional training,” said the staffer. “I was mandated twice.” In addition, large, multi-color posters are located around the hospital to remind staff, patients, and visitors of the risk of phishing and spear phishing attacks and how to prevent them.


According to the National Cyber Investigative Joint Task Force, a collaboration between more than 30 partner agencies, including the FBI, law enforcement, the intelligence community, and the Dept. of Defense, computer networks may become vulnerable to cyber-attacks due to old, out-of-date hardware and software, email phishing campaigns, brute force methods to obtain user credentials, and credentials purchased on the dark web to gain unauthorized access to victim systems to deploy malware and software vulnerabilities that cybercriminals can use to gain control of victim systems and deploy ransomware.
The FBI defines “ransomware as a type of malicious software, or malware, that encrypts data on a computer, making it unusable. A malicious cyber-criminal holds the data hostage until the ransom is paid. If the ransom is not paid, the victim’s data remains unavailable. Cybercriminals may also pressure victims to pay the ransom by threatening to destroy the victim’s data or to release it to the public.”   


The Joint CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) Ransomware Guide states, “Paying ransom will not ensure your data is decrypted or that your systems or data will no longer be compromised. CISA, MS-ISAC, and other federal law enforcement do not recommend paying the ransom. In addition, attackers have begun following their ransom demands to decrypt the data with a follow-on extortion demand to keep data private.”
The FBI urges victims to report ransomware incidents to their local field office or the FBI’s Internet Crime Complaint Center. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.
In the meantime, some staff and patients are quietly considering monitoring their credit reports for possible identity theft.
One Brooklyn Health is the latest in a series of hospitals, educational institutions, and municipalities in the greater New York area that cybercriminals have victimized. Brooklyn Hospital Center, Monroe College, and, most recently, Suffolk County have also experienced attacks on their computer systems.
Congress has taken action in response to the increasing occurrence of cyber-attacks against the government and non-profit institutions that provide critical services but have limited funding.

Advertisement


In 2021, Congresswoman Yvette Clarke, Chairwoman of the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation, introduced the State and Local Cybersecurity Improvement Act (H.R.3138). The Act gives states, municipalities, and tribal organizations resources to help them strengthen their information systems and respond to cyber-attacks. This year, the Department of Homeland Security announced $1 Billion in funding for the new State and Local Cybersecurity Grant Program.
In a joint statement, Homeland Security Chairman Rep. Bennie Thompson and Rep. Yvette Clarke stated, “For years, throughout the country, we have witnessed state, and local governments fall victim to ransomware attacks that have disrupted essential public services. Investing in securing our digital infrastructure is a national security necessity, and all levels of government must partner to better defend against cyberattacks. We will continue to work to ensure that state and local governments receive the cybersecurity assistance they need. This funding is a vital down payment toward addressing our state and local cybersecurity challenges.”

Continue Reading