Healthcare professionals discussing cybersecurity and ransomware attacks

Healthcare industry seeks enhanced cybersecurity controls in the face of rising ransomware attacks

FBI warns of increased and imminent cybercrime threat

On Oct. 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) released a public alert warning about “an increased and imminent cybercrime threat” to hospitals and the healthcare industry as a whole. The alert comes after several cyberattacks on hospitals recently. Healthcare providers should conduct a risk analysis, assess their cybersecurity controls and prioritize data security safeguards accordingly for this evolving threat.

What you need to know

Cybersecurity incidents – such as ransomware attacks – have been a top risk for healthcare organizations in recent years. However, this specific “ransomware campaign” is particularly concerning as the FBI does not typically issue warnings such as these. The FBI has indicated it is tracking a credible threat to hold U.S. healthcare providers ransom through a ransomware cyberattack. The FBI stated the perpetrators may be planning more attacks that could potentially affect hundreds of healthcare providers.

Why this is important

The root cause of the vast majority of data breaches is a basic breakdown of cybersecurity process and controls. In a successful ransomware attack, a breakdown of the following security controls may occur: user security training, content blocking/alerting, authentication (passwords – lack of multifactor authentication), patch and vulnerability management, email malware monitoring, backup and recovery solutions, and incident response planning.

The potential impacts of a ransomware attack go far beyond the financial impacts, affecting the immediate operations and patient care mission of the organization. The longer-term impact damages the organization’s reputation and even its ability to continue as a business. Healthcare organizations must not only have the right controls and process in place to prevent a successful attack, they must also have established process for continually monitoring and testing these controls, including ensuring HIPAA compliance and aligning with OCR guidelines.

Steps to take now

Organizations should evaluate their cybersecurity controls and identify ways to improve them, enhancing data security safeguards and gaining assurance over control effectiveness. Take these steps now to mitigate cyber risk at your healthcare organization.

  1. Communicate with your employees immediately, and encourage them to be vigilant when clicking on links in emails or opening email attachments. Notify them of the recent phishing attacks on hospital systems, how to spot a phishing email and remind them to stay watchful and cautious.
  2. Implement multifactor authentication to make it less likely a bad actor will be able to access your systems.
  3. Keep patches up to date where possible and manage mitigating known vulnerabilities proactively. 
  4. Review your data backup and recovery solutions and procedures to ensure you have the right coverage in critical areas to minimize any potential downtime from these attacks.
  5. Have a plan in place for immediate response and recovery from a security incident. If your organization does not currently have a plan, meet with your IT team to implement one as soon as possible. If a plan is already in place, meet with your IT team to walkthrough the plan, review the steps, and ensure key team members and stakeholders (internal and external vendors such as attorneys, incident response providers, forensic consultants, etc.) understand their roles and responsibilities in the event of a cyberattack. It is extremely important to have contracts with external vendors negotiated and in place prior to an incident so you do not waste precious time negotiating terms, conditions and pricing while in crisis management mode.

The best defense uses proactive measures to defend against these cyberattacks. If you have questions or would like to talk to one of our cybersecurity specialists, contact our team.

Tree-lined campus sidewalk with lights
Next up

Clery Act update: rescission of and replacement for the 2016 Handbook