Lessons learned from a cyber attack

Daniel Nigrin of Boston Children’s Hospital lived through a multi-level attack on hospital services. He hopes others can learn from his experience.
By Gus Venditto
10:16 AM
Share
Hacker

It's every security officer's worst nightmare: a cyber attack. IT departments spend years of planning to guard against an attack. But what is the reality? Hackers don't follow a rule book.

Daniel Nigrin, MD, chief information officer at Boston Children's Hospital, learned about cyber attacks firsthand. His hospital was targeted by hackers who were unhappy about medical decisions made by a doctor in a case that had political overtones. The attacks affected the hospital on multiple fronts and lasted over a week. Floods of malware, denial-of-service and attacks on public ports were all part of the assault.

The response needed to operate on multiple levels. A crisis team was formed to monitor developments and make critical decisions, some of which involved the need to turn off non-essential services.

With the attack safely behind Boston Children's, Nigrin has been generous in sharing his experience so that other healthcare providers can become better prepared. He has distilled his advice into a presentation, "Lessons Learned from Boston Children's: When Hacktivists Attack Your Hospital," which he shared with the audience at the Healthcare IT News Privacy & Security Forum this past March.

[Register: Responding to a Cyber Attack: Lessons Learned from Boston Children's Hospital]

Nigrin has now agreed to share his presentation in a webinar that Healthcare IT News is making available to all interested HIT professionals. It is scheduled to take place on Nov. 17, 2015 but it will be made available in a recorded archive for later viewing. Click here to register. If you attend the session when it's presented live, you'll have the opportunity ask questions.

Nigrin has a number of specific recommendations which should be part of every healthcare provider's security operational procedures. But the critical point he wants to make sure everyone hears: "As an industry, we've got to pay closer attention to these threats, and prioritize our efforts against them, far more than we have done in the past."