Cyber attacks against health care systems are on the rise, putting sensitive patient data at risk and law enforcement authorities on alert.

Hackers penetrating networks and then demanding money for encrypted information is a growing trend. In February, Hollywood Presbyterian Medical Center paid a $17,000 ransom to attackers who had infiltrated and disabled the medical center’s computer network using “ransomware,” which encrypted data that the attackers held hostage. The data was made available only after the ransom was paid and the encryption key applied. The case remains under investigation by the FBI.

Keck Medicine of USC security experts have established multiple layers of protection to prevent an outside attack.

Staff members are the first line of defense. A common attack against an organization with sensitive data is a “phishing” email. This email will direct a user to a website or download an attachment that will infect their computer with malware that could spread throughout the organization’s network.

“Hackers are trying to lure victims in with something that appears urgent,” said David Loor, Keck Medicine of USC data security officer.

Staff members should never open an email or download an attachment from an unknown sender. The Keck Medicine IT Department and Service Desk will never request that you revalidate your account status via an email and/or web form. A source can be verified by hovering over web links or email addresses.

Another cyber attack can come in the form of a pop-up message on a user’s computer screen, saying that the system has been compromised and providing a phone number to call. An operator at the other end of the number typically asks for information and offers to provide remote tech support to fix an infected computer system.

Keck Medicine of USC uses a layered set of digital defenses to protect from attacks.

Forward suspicious emails to helpdesk@med.usc.edu and call (323) 442-4444.

An important step in combating potential attackers is for personnel to complete the online Cyber Security Awareness training provided by USC at https://itservices.usc.edu/security/awareness.

“This short training is our best defense against attackers,” Loor said.

Staff members can login using their USC credentials. The course takes about 45 minutes to complete.

— Douglas Morino