The FBI and U.S. Department of Health and Human Services recently announced that they have credible intel suggesting cybercriminals are targeting healthcare providers and public health agencies with ransomware and malware attacks at an unprecedented scale. The two agencies joint-released a cybersecurity advisory that outlines the potential tactics “malicious cyber actors” may be planning as the U.S. healthcare system is overwhelmed with new COVID-19 patients.

What this Means for Hospitals and Healthcare Practices

PSM has taken steps to prevent these attacks, but all PSM customers need to protect their own networks as well. To avoid financial loss, data theft, and any disruption in healthcare services, all physician practices, clinics, hospitals, and public health organizations should be taking precautions to protect your networks within your own practice or clinic. A key threat is Trickbot malware, which has the ability to execute a variety of illegal cyber activities such as credential harvesting, mail exfiltration, crypto mining, point-of-sale exfiltration, and the deployment of ransomware.

Questions to Ask the IT Services Company to Ensure you are Protected:

1.     What steps are you taking to protect our cyber security?

2.     Are our backup systems in place and working well?

3.     Do we have a business continuity and disaster recovery plan prepared?

4.     Will you block all known sites that provide functionality to the malware? (List here)

5.     Are all of our operating systems, software, and firmware patch as soon as updates are released?

6.     Will you monitor endpoint detection on servers and workstations for changes in application and running services?

7.     Will you closely monitor all new account creations, especially those with administrator access?

8.     Do we use multifactor authentication everywhere possible?

9.     Do we have any configurations across any operating system version that has HPH organization-owned assets that our local users cannot fix due to having local administration disabled?

10.  Can we disable any unused remote access ports and monitor all remote access with RDP logs.

How to Educate your Staff to Boost Protection:

1.     Talk to your team about the heightened threat and remind them to be highly aware.

2.     Remind your staff to refrain from opening emails and/or attachments from unknown senders and be cautious even when opening emails from recognized senders. (See also: tips to prevent phishing attacks).

3.     Always use different passwords for different accounts. Do not reuse passwords.

4.     Establish a policy to prohibit use of personal email accounts on your networks to decrease risk.

5.     Ask your staff to let you know if they notice anything suspicious that may be related to an email or cyber incident.

Bottom Line: Now is not the time to neglect cyber security, healthcare organizations are targets of cyber threats     

As the coronavirus pandemic reaches new heights, physician practices, clinics and hospitals are stretched thin and uniquely vulnerable to ransomware/malware attacks. Upon the heels of the U.S. Department of Health and Human Services and FBI joint cyber security threat advisory, several hospitals have been hit with Ryuk ransomware attacks in recent days as reported by security expert Brian Krebs. Notably, the 400-hospital Universal Health Services system was attacked just a month ago, triggering a multi-day outage.

We always suggest that you work closely with your local IT company to review the security of your local IT network and to make improvements as needed. In light of heightened threat levels, it is more crucial than ever to take every precaution possible to protect your patient and staff data by preventing a devastating ransomware attack.