Health care providers in Massachusetts are working together to halt cyberthreats after attacks hobbled five hospitals throughout the country.
The cybersecurity team at Berkshire Health Systems, using detailed federal guidance, is protecting its information systems from new waves of cyberattacks.
“The threat isn’t just for health care, it is countrywide and probably beyond that,” said Bill Young, the chief information officer for Berkshire Health Systems. “We’ve been working with the FBI and Homeland Security. Cybersecurity is enhanced right now, but this is something we do all the time. We’re always keeping an eye on the bad guys.”
Young joined BHS in 2009 and developed an information technology strategy system that includes a Health Information Exchange throughout the Berkshires. Young added that he has a team in place that works around the clock.
“[Some of these attacks start with] emails that look like they came from the [Centers for Disease Control and Prevention] saying that they’re providing COVID-19 statistics, and it is just so easy to click,” Young said. “Once you do click, that is what fires off the ransomware.”
Ransomware, a form of malware, encrypts a victim’s files, computer or server before demanding a ransom to restore the data.
“A good thing in our industry is that we share data,” Young said. “Places that were hit are sharing data so we can stay protected. We’re staying on top of this because people in the Berkshires need to worry about getting the help they need, not their files getting hacked.”
Per Young, this is happening in health care, but anyone can fall victim to one of these cyberattacks, and it is recommended to keep computers and virus-protection measures up to date.
“We train all employees on a regular basis to triple-check email addresses. An email may look like it is from someone you recognize,” Young said. “However, you will hover over the email and realize it is really from a different address. If an email seems unusual, just delete it.”
Berkshire Health Systems receives information about what ports the cyberattacks are coming from, along with information on how to keep spam filters and firewalls up to date.
“The bad guys are using the pandemic as an opportunity,” Young said. “They try to find your focus and take advantage of the opportunity; that is why health care is the target.
“We want people to feel comfortable coming to us, and they should. These situations just highlight to be careful about what you click. A big way to stop these attacks is just training people, and these situations are a great way to educate. The attacks aren’t just happening recently; this is something we work to prevent all the time.”