
LigoLab’s Enhanced Cybersecurity Solutions Give Customers Added Protection and Peace-of-Mind


Editor’s Note: This blog post was originally published on June 25, 2024, and has since been updated. 

A high-profile ransomware attack has shocked the healthcare industry, reminding lab leaders how important it is to strengthen an organization’s cybersecurity and risk management protocols against costly and damaging attacks.

UnitedHealth Group, the nation’s largest healthcare insurance company, is still trying to fully recover from a damaging attack on its subsidiary Change Healthcare on February 21, 2024. 

In late June 2024, Change Healthcare began reaching out to providers, insurers, and other customers whose patient and member data were compromised in the attack.

The BlackCat ransomware group (also known as ALPHV) claimed responsibility for the attack, alleging the theft of more than six terabytes of data. The attack struck the Change Healthcare network and operations, disrupting hundreds of hospitals, pharmacies, and prescription drug services nationwide for weeks. 

In a first-quarter earnings report released in April, parent company UnitedHealth acknowledged a cost of $872 million due to “unfavorable cyber attack effects,” putting a number on the damage caused by the Change Healthcare attack. The most recent estimate is that the cybersecurity breach will cost UnitedHealth Group $1.6 billion this year. 

In May, UnitedHealth CEO Andrew Witty confirmed long-circulating reports that the company paid a $22 million ransom to restore the Change Healthcare system following the cyberattack. Witty disclosed this during testimony before the U.S. Senate Finance Committee.

He explained that the attackers got in using compromised credentials on a remote-access server (a Citrix portal) that lacked multi-factor authentication (MFA), so a single stolen password was enough to reach the internal network. He also confirmed that the decision to pay the ransom was his, calling it one of the most difficult decisions he has ever made.

Witty expressed deep regret, offering a direct apology to the patients and providers affected by the disruption, as well as to everyone concerned about the security of their private health information.

Discover More: Is Your Lab Operation Vulnerable to a Cyber Attack?

A Growing and Disturbing Trend 

Ransomware attacks on healthcare organizations are not a new phenomenon. A study published by JAMA Health Forum in December 2022 found that the annual number of attacks targeting healthcare companies had doubled between 2016 and 2021.

The trend accelerated even further in 2023, according to the Office of the Director of National Intelligence (see link below for more details).

Discover More: Ransomware Attacks Surge in 2023

In addition to the Change Healthcare attack in February, Ascension, another high-profile health system (comprising 140 hospitals in 19 states), was also victimized on May 8, 2024. 

The breach at Ascension began when a worker downloaded a malicious file believing it was legitimate. The resulting ransomware locked providers out of the systems that track and coordinate patient care, creating troublesome conditions for medical staff and compromising their ability to conduct routine safety checks while administering care.

Why Clinical Labs and Pathology Practices Are Especially Vulnerable to Ransomware Attacks

The truth is that healthcare providers, including clinical labs and pathology practices, are particularly vulnerable to ransomware attacks for several reasons.

High-Value Data: Medical records contain sensitive and valuable information, like patient identification, medical history, and financial details. This data is highly lucrative, incentivizing attackers to target healthcare organizations.

Critical Nature of Healthcare Operations: Healthcare providers require continuous access to patient records stored in laboratory information systems (LIS systems), electronic health records (EHRs), and related third-party services to deliver timely and effective care. Every hour of downtime delays results and treatment, so these organizations are more likely to pay a ransom quickly to restore access, which in turn makes them attractive targets for cybercriminals.

Outdated Systems and Software: Many healthcare providers run legacy LIS systems and outdated software that no longer receive regular updates or patches. Legacy LIS software often carries publicly known vulnerabilities, and attackers routinely scan for and exploit exactly those.

Complex IT Infrastructures: Healthcare providers often operate complex IT environments comprising multiple systems and devices, many of which are not uniformly secured. This complexity can lead to security gaps, making it difficult to maintain consistent protection across the organization.

Insufficient Cybersecurity Measures: Historically, many healthcare organizations have underinvested in cybersecurity. Budget constraints, especially among smaller practices and laboratories, often result in inadequate protection and limited implementation of robust security measures.

High-Pressure Environment: The fast-paced and high-pressure environment in healthcare can lead to lapses in cybersecurity practices, such as staff failing to recognize phishing emails or neglecting to follow security protocols.

Given all these factors, it becomes clear why healthcare providers are vulnerable and why robust cybersecurity strategies have to be a priority. 

Discover More: Detailing LigoLab’s Laboratory Information System Cloud Readiness Plan

Protection Against Emerging Threats

Cyber threats continue to escalate, with attackers developing new ways to exploit weaknesses in healthcare systems. Independent clinical laboratories and pathology groups must stay proactive by partnering with their progressive lab vendors to implement up-to-date cybersecurity safeguards and continuously monitor their environments. Doing so helps protect against costly financial losses, legal exposure, and the long-term damage of reputational harm.

At LigoLab, we recognize the seriousness of these risks and actively support our customers in implementing strong preventive measures designed to mitigate them.

Discover More: Customizing LIS Systems for Specialized Laboratory Needs

LigoLab’s Security Stance

As a trusted laboratory information system software provider, LigoLab safeguards all data within its platform and its customers’ systems with the highest level of care, while maintaining full HIPAA compliance across its LIS lab solutions.

Backed by core principles like confidentiality, integrity, and availability, LigoLab’s information security program is built on securing data at every level. It’s aligned with industry best practices, continually evolves with updated guidance, and features a security team working closely with lab customers to ensure security policies are properly extended into customer software environments.

For more information about LigoLab’s Enterprise Java technology stack, platform architecture, and detailed technical policies and configurations, please refer to the Security Stance and Architecture document linked below.

Discover More: LigoLab’s Security Stance and Architecture

The following is covered in LigoLab’s Security Stance and Architecture document:

  • Security Overview
  • Secure Development
  • Data Encryption and Storage
  • Data Retention
  • Network Security
  • Audit Services 
  • Endpoint Security and Access Controls
  • Logging, Alerts, and Incident Response
  • Backup and Disaster Recovery
  • Network Security Checklist
  • Architecture
  • Cybersecurity Training Overview
  • Business Continuity Plan Overview
  • Threat and Vulnerability Management Overview
  • Incident Management Overview

“Data security is important to all organizations, and our unique services make it an integral part of everything we do at LigoLab,” said Chief Operating Officer Gor Kalantaryan.

Introducing LigoLab’s Enhanced Backup Services

In response to the growing cyber threats, LigoLab now offers Enhanced Backup Services. The services are designed to ensure all lab data remains secure, immutable, and easily recoverable. 

The Enhanced Backup Services include:

  • Automated, regular backups to secure off-site storage
  • Rapid restoration capabilities to reduce downtime during cyber incidents (target restoration time of roughly four hours)
  • Tailored support and consultation to customize backup solutions to your specific needs

The cost to implement these enhanced services starts at $300 a month, with the total cost based on the amount of data backed up. 

For more information about these services and what they would cost for your clinical lab or pathology practice, contact Support@LigoLab.com.

“We strongly encourage all our customers to strengthen their defenses with these robust backup services,” said Kalantaryan. “The recent cyber incidents serve as a stark reminder of the necessity for reliable data protection and recovery solutions, which are crucial for maintaining the continuity and integrity of your operations.”

To provide additional support, we’ve included a list of Best Practices for Ransomware Mitigation at the end of this blog post.

“The guide was designed to complement LigoLab’s backup solutions and enhance a lab’s overall security posture,” continued Kalantaryan. 

LigoLab Partners with Law & Forensics to Offer Audit Services 

Security and regulatory compliance are crucial to ensuring an organization's cybersecurity posture is robust and resilient, so in addition to offering Enhanced Backup Services, LigoLab has also partnered with Law & Forensics, a global legal engineering firm dedicated to helping organizations identify vulnerabilities, mitigate risks, and achieve compliance with industry-specific regulations and standards.

“Law & Forensics is a team of experts that provides a comprehensive suite of cybersecurity audits and assessments tailored to an organization's unique needs and regulatory requirements,” said Kalantaryan, who encouraged all customers interested in learning more to contact LigoLab Support (Support@LigoLab.com).

Industry Insights: Regulators Are Rewriting HIPAA - Survival Guide for Clinical & Pathology Labs

Best Practices for Ransomware Mitigation

Below is a list of best practices for enhancing cybersecurity, specifically to mitigate ransomware threats:

  • Regular Backups: Perform regular immutable backups of critical data, store them offline (or in storage the production credentials cannot modify or delete) and encrypted, and test restores on a schedule so that recovery time is known before an incident, not discovered during one.
  • Patch Management: Regularly update and patch operating systems, software, and firmware, prioritizing internet-facing systems such as remote-access gateways and VPNs, which are the entry point in many ransomware cases.
  • Employee Training: Conduct regular cybersecurity awareness training for employees, focusing on phishing, social engineering, and ransomware threats.
  • Email Filtering: Implement robust email filtering solutions to detect and block malicious attachments and links.
  • Endpoint Protection: Use advanced endpoint protection solutions with anti-ransomware capabilities.
  • Network Segmentation: Segment networks to limit the spread of ransomware and contain breaches; instruments, workstations, and the LIS server should not sit on one flat network.
  • Incident Response Plan: Create and routinely update a ransomware-specific incident response plan, including who can authorize shutting systems down and how staff operate on paper while the LIS is unavailable.
  • Access Control: Implement the principle of least privilege (PoLP) to minimize user access to only what is necessary, and require MFA on every remote-access path.

Minimizing the Number of Records

  • Data Retention Policies: Establish and enforce data retention policies to ensure that records are kept only as long as necessary for business or regulatory purposes.
  • Data Minimization: Collect and retain only the minimum data necessary for business operations.
  • Regular Audits: Conduct regular audits of data storage to identify and securely delete redundant, obsolete, or trivial data.
  • Data Anonymization: Where possible, anonymize personal data to reduce the risk of exposure.
  • Access Controls: Limit access to sensitive data to only those employees who need it for their roles.
  • Encryption: Encrypt data both in transit and at rest to protect it from unauthorized access.
  • Automated Deletion: Use automated processes to remove records in accordance with your data retention policy.

Two-Factor Authentication (2FA)

  • Multi-Method Authentication: Offer multiple authentication options, such as mobile apps, hardware tokens, or biometrics, to support diverse user needs. SMS and email codes are better than no second factor, but they are the weakest options (SIM swapping, mailbox compromise) and should be a fallback, not the default.
  • Strong Authentication Mechanisms: Prioritize phishing-resistant methods, meaning FIDO2/WebAuthn hardware security keys or passkeys, for privileged and remote-access accounts. App-based authenticators (TOTP codes and push approvals) are stronger than SMS but can still be phished or fatigued by repeated push prompts, so treat them as the minimum rather than the ceiling.
  • User Education: Train users on the importance of 2FA and how to use it properly.
  • Backup Access Options: Provide backup codes or alternate 2FA methods in case the primary method becomes unavailable.
  • Mandatory Enforcement: Require 2FA for all critical systems, including email, remote access, and privileged accounts.
  • Monitoring and Alerts: Track and alert on suspicious authentication activity, such as repeated failed attempts against one account, one source address failing against many accounts (password spraying), and a successful login that immediately follows a burst of failures.
  • Regular Review: Periodically reassess 2FA methods to ensure they remain secure, effective, and up to date.
  • SSO Integration: Integrate 2FA with Single Sign-On (SSO) solutions to streamline authentication while maintaining strong security.
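The monitoring item above is the one practice on this list that is easy to state and easy to get wrong, so here is a concrete detector, added as an example and not code from LigoLab or its platform. It assumes a hypothetical key=value authentication log format (the real LIS or identity-provider log will differ and the regular expression must be adapted), and the thresholds (five failures in ten minutes, three distinct users from one source) are assumptions to be tuned to the environment. The sample log lines are constructed for the example.

```python
"""Added example: flag suspicious authentication activity in an auth log.

Detects three patterns over a hypothetical key=value auth-log format
(an assumption for this example, not LigoLab's real log format):
  * brute_force         - one user fails >= fail_threshold times inside `window`
  * success_after_burst - that user then logs in successfully inside `window`
  * password_spray      - one source address fails against >= spray_users accounts
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). One malformed line is included
# on purpose to show that the detector skips it instead of crashing.
SAMPLE_LOG = """\
2024-06-25T10:00:01Z auth user=alice src=203.0.113.5 result=FAIL
2024-06-25T10:00:09Z auth user=alice src=203.0.113.5 result=FAIL
2024-06-25T10:00:17Z auth user=alice src=203.0.113.5 result=FAIL
2024-06-25T10:00:26Z auth user=alice src=203.0.113.5 result=FAIL
2024-06-25T10:00:33Z auth user=alice src=203.0.113.5 result=FAIL
2024-06-25T10:00:41Z auth user=alice src=203.0.113.5 result=OK
this line is not in the expected format
2024-06-25T10:02:00Z auth user=bob src=198.51.100.7 result=FAIL
2024-06-25T10:02:05Z auth user=carol src=198.51.100.7 result=FAIL
2024-06-25T10:02:11Z auth user=dave src=198.51.100.7 result=FAIL
2024-06-25T10:15:00Z auth user=erin src=192.0.2.10 result=FAIL
2024-06-25T10:45:00Z auth user=erin src=192.0.2.10 result=OK
"""

# Hypothetical log format: "<ISO-8601 UTC> auth user=<name> src=<ip> result=OK|FAIL"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)

FAIL_THRESHOLD = 5            # failures per account inside the window (assumption)
SPRAY_USERS = 3               # distinct accounts per source inside the window (assumption)
WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Return a dict for a well-formed line, or None for lines we cannot parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def _prune(times, now, window):
    """Drop timestamps older than `window` from the left of a deque."""
    while times and now - times[0] > window:
        times.popleft()


def analyze_log(text, fail_threshold=FAIL_THRESHOLD, spray_users=SPRAY_USERS, window=WINDOW):
    """Single pass over the log; returns a list of (kind, subject, detail, timestamp) findings."""
    findings = []
    user_fails = defaultdict(deque)   # user -> timestamps of recent failures
    src_victims = defaultdict(dict)   # src  -> {user: timestamp of last failure}
    alerted_burst, alerted_spray = set(), set()

    for raw in text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # malformed line: skip it, never let bad input stop the detector
        ts, user, src = ev["ts"], ev["user"], ev["src"]
        fails = user_fails[user]
        _prune(fails, ts, window)

        if ev["result"] == "FAIL":
            fails.append(ts)
            if len(fails) >= fail_threshold and user not in alerted_burst:
                alerted_burst.add(user)          # alert once per burst, not once per attempt
                findings.append(("brute_force", user, src, ts))

            victims = src_victims[src]
            victims[user] = ts
            for stale in [u for u, t in victims.items() if ts - t > window]:
                del victims[stale]
            if len(victims) >= spray_users and src not in alerted_spray:
                alerted_spray.add(src)
                findings.append(("password_spray", src, sorted(victims), ts))
        else:
            # A success right after a burst of failures is the highest-priority alert:
            # it can mean a guessed or stolen password just worked.
            if len(fails) >= fail_threshold:
                findings.append(("success_after_burst", user, src, ts))
            fails.clear()
            alerted_burst.discard(user)
    return findings


if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_LOG):
        print(finding)
```

On the constructed sample this raises a brute-force alert for alice on her fifth failure, a success-after-burst alert when her sixth attempt succeeds, and a password-spray alert for 198.51.100.7 once it has failed against bob, carol, and dave; erin's single failure followed by a login half an hour later raises nothing. The single-pass, bounded-window design is deliberate: it keeps memory proportional to the number of active accounts and sources rather than to log size, so the same logic can run continuously against a live feed.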

Implementing these best practices strengthens your cybersecurity posture, reduces data exposure, and supports a more secure authentication environment.

Be Aware and Take the Proper Steps to Protect Your Lab Business

While it’s clear that clinical labs and pathology groups have inherent cyber vulnerabilities, taking the proper steps to strengthen their cyber defense can substantially reduce both the likelihood and the impact of an attack. 

Being fully aware of the threats and following best practices for mitigation are important first steps. Lab leaders should also strongly consider investing in additional security measures, such as LigoLab’s Enhanced Backup Services and the audit services offered by Law & Forensics.

Those interested in learning more should contact LigoLab Support at Support@LigoLab.com.

Michael Kalinowski
Author
Michael handles Marketing and Communications for LigoLab.
