Information Services team leading effort to protect from ransomware threat

December 7, 2020

Just over a month after federal agencies sounded the alarm about a wave of damaging ransomware attacks targeting health care systems across the country, Texas Children’s own network environment has remained secure from cyber threats thanks to a coordinated effort mounted and led by the Information Services (IS) team.

Even before this most recent ransomware threat emerged, Texas Children’s had taken a holistic approach to keeping our network safe – relying on the vigilance of our workforce, enhanced digital security capabilities, continuous proactive monitoring by the IS Security Operations Center, and unwavering executive support, according to Assistant Vice President Teresa Tonthat.

But as hospitals and medical facilities nationwide scrambled to protect their networks from disruption in the past few weeks, our IS team partnered with Operational Resilience to quickly initiate their well-established Incident Response Command structure. This kept our leaders informed about potential impacts to operations if a ransomware attack did occur.

IS also collaborated with colleagues throughout the Texas Medical Center to stay abreast of the rapidly evolving tactics that threat actors were using and measures to prevent them, and leveraged high-fidelity intelligence data about the ransomware threat from trusted partners.

“At the end of the day, our team is not only in the business of cybersecurity – we’re in the business of enabling patient care for children and women,” Tonthat said, acknowledging that Texas Children’s may fall victim to a cyberattack at any time and must always be prepared to maintain operations, with or without digital connectivity.

“When an attack does occur, we need to remain resilient and continue to provide safe, quality care.”

Taking action to secure our systems

Ransomware locks a computer system to prevent the owner or organization from accessing data until they pay a ransom. Federal authorities announced in late October that malicious groups in Eastern Europe were targeting the U.S. health care sector with attacks intended to cause data theft and disruption of health care services.

To secure Texas Children’s network amid this serious threat, IS worked diligently to enhance our security capabilities by confirming that all access to web-based e-mail and file storage sites is blocked, implementing multi-factor authentication and password rotation of privileged accounts, hardening our data backup and restoration capabilities, creating access to Microsoft 365 in case of a disaster, and taking new steps to protect Epic – one of the organization’s most critical applications.

Two strategies were particularly effective and will continue to improve and enhance network security in the days and weeks ahead. The first involved upgrading our remote VPN technology to allow IS to validate the security health of all devices connected to our network remotely.

The second strategy was the deployment of a button within Microsoft Outlook that allows any Texas Children’s team member to easily report suspicious or potentially dangerous email messages with a simple click of the mouse. IS provided instructions for the Phish Alert Button and details about which emails to report in a recent newsletter.

Making cybersecurity a priority

Promoting cybersecurity awareness among Texas Children’s workforce was a priority for IS well before the large-scale ransomware attacks began. Since 2017, the team has run a quarterly and occasionally monthly phishing campaign to remind our employees how important it is to stay vigilant about potential threats.

In the campaign, IS sends a phishing simulation email that contains a link. The email is designed to look suspicious and raise red flags that should alert our workforce to the possibility of phishing and prevent them from clicking the link as instructed.

In the most recent phishing campaign deployed in October, only 0.4% of more than 19,000 recipients clicked the link in the email – the lowest rate since the campaign began three years ago, when 18% of recipients clicked the link in the first phishing simulation email.

“We ask our workforce to embed security into their day-to-day practices, as we do with quality. Make it part of our DNA,” Tonthat said. “We need to remain vigilant and adopt smart cybersecurity practices in our personal lives, as well.”