The Board of Registered Nursing (BRN) has released information regarding a recent advisory coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) (read the technical report here). The advisory warns healthcare professionals and administrators of an increase in cybercrime directed at the healthcare sector and all facilities therein.
The CISA, FBI, and HHS are sharing this information to encourage healthcare providers to take timely and reasonable precautions and set up proper and up-to-date protection on their networks, as it is believed a very large and imminent attack is on the way.
The most recent findings have given credible evidence that the HPH Sector is being targeted by Trickbot and BazarLoader malware, which often lead to ransomware attacks, data theft, and even complete disruption of critical healthcare services.
In this time of COVID-19, where most hospitals and healthcare organizations are already scrambling and trying to keep up, there has been a rise in cybercriminal activities, making it difficult for institutions of all sizes to ward off attacks that have the potential to cripple some or most of their operation.
The Threat of Cyber Attacks
Cyberattacks are nothing new in the healthcare industry. Patient information provides a great deal of value to those looking to sell information for identity theft, and even if they are unable to acquire actual patient records, simply locking administrators out of their own system can be enough to get what is needed.
In most cases, ransomware will create problems for healthcare professionals when it comes to being able to access patient records, which can create a number of issues in an industry that is steadily moving towards an all-digital filing system. By holding record access hostage, and putting many patients who are in urgent condition in a precarious situation, cyber attackers can almost always be assured that their demands will be met in order to get things moving again. If nurses and physicians can’t access core systems, such as labs, radiology, prescription history, or many other critical systems, it becomes a very real concern that people might die.
Can Attacks Be Avoided?
The problem comes mostly from an industry that is largely moving to digital interfaces at all points (mobile computers, smart phones, tablets), but outdated software or preventative measures leave many systems wide open for an attack.
While there is no way to protect an online system 100%, there are ways to make it harder to take down, which can encourage a would-be cybercriminal to move on to an easier target.
Some simple steps might include:
- Just like with emails and online accounts, updating and changing passwords regularly is a good first step.
- Make sure that all employees have some sense of digital literacy.
- Keep organization software up-to-date, and if there hasn’t been an update in some time, consider updating to an actively maintained service.
- Back up systems each night, so that in the event of a problem the recovery isn’t as bad.
- Set up protocols so that hospital devices don’t automatically “trust” outside sources.
- Set up device protections to limit how much outside access is allowed (things like certain websites, downloads, etc.), or keep it limited to just the pre-installed and approved medical apps.
Remember, more medical devices mean more easy entry points for a cyber attack. It doesn’t matter if your medical tablet has patient data on it or not. If someone, or a program, is able to gain access to the device through unprotected Wi-Fi, an email attachment, or a compromised website, then they can move from that device to the larger network and create a serious problem. It only takes one compromised device to open up a whole network for easy access.
It’s probably not realistic to expect all of your healthcare employees to be aware of all the online risks that come with having devices connected all the time. In order to get around this, many organizations are using MFA (Multi-Factor Authentication) and SSO (Single Sign-On) solutions to keep better control of what information users need in order to log in and do their job.
In the end, the cost and risk of being a victim of a ransomware or data breach cyber attack will always outweigh the cost of preventative security upgrades and solutions.
About Adam Brown
Mr. Brown joined the firm of Brown & Brown after receiving his Juris Doctor from Whittier Law School in Costa Mesa, California. He is also a graduate of the University of California at Irvine, where he received his B.A. degree in English.