Cyber News: Ransomware Targets the Healthcare Industry

It’s no secret that cyber criminals have been taking advantage of the COVID-19 pandemic to target unsuspecting businesses and individuals. Ransomware and phishing attacks are at an all-time high. Users are more vulnerable and exposed while working from home using unsecured networks. In the latest cyber news, it’s clear that the healthcare industry is the prime target of attacks. “Cyber attacks are exposing personal health data, ransomware is disrupting essential health services and shutting down emergency rooms, and fraudulent emails are defrauding partners, patients and staff.” A total of 59 U.S. health care providers or systems have been impacted by ransomware this year alone.

What do we know about the situation?

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS assess malicious cyber actors are targeting the HPH Sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services. These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.” CISA.gov

Furthermore, federal agencies warn the public that cybercriminals could unleash “a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking. In a joint alert, the FBI and two federal agencies said they had credible information of “an increased and imminent cybercrime threat” to U.S. hospitals and health care providers. The alert said malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.” Madison.com

Why is the healthcare industry an easy target for ransomware and other cyber attacks?

Unfortunately the healthcare industry has a long track record of being unprepared for data-privacy and lack of security, largely due to inconsistent levels of cybersecurity education and very low IT budgets. This huge gap and known weakness is why healthcare is one of the most breached industries in these past few years. According to Healthcare IT News: “Many health IT and infosec teams still don’t have adequate insights about where their data lives, or even whether it has been exfiltrated or otherwise compromised.”

Health Informatics can’t stress enough, “Chronic underinvestment in cybersecurity has left many so exposed that they are unable to even detect cyberattacks when they occur. While attackers may compromise an organization within a matter of seconds or minutes, it often takes many more weeks – if not months – before the breach is detected, damage is contained and defensive resources are deployed to prevent the same attack from happening again.”

Most common threats to healthcare IT include:

• Malware and ransomware: Cyber criminals use malware and ransomware to shut down individual devices, servers or even entire networks. In some cases, a ransom is then demanded to rectify the encryption.
• Cloud threats: An increasing amount of protected health information is being stored on the cloud. Without proper encryption, this can be a weak spot for the security of health care organizations.
• Misleading websites: Clever cyber criminals have created websites with addresses that are similar to reputable sites. Some simply substitute .com for .gov, giving the unwary user the illusion that the websites are the same.
• Phishing attacks: This strategy sends out mass amounts of emails from seemingly reputable sources to obtain sensitive information from users.
• Encryption blind spots: While encryption is critical for protecting health data, it can also create blind spots where hackers can hide from the tools meant to detect breaches.
• Employee error: Employees can leave health care organizations susceptible to attack through weak passwords, unencrypted devices and other failures of compliance.

What our network partners have to say about this issue…

Perch Security

“Perch Security is actively engaged and is monitoring for all Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) that have been released from this report, as well as anything related to the associated threat actors in general. We are releasing this bulletin to inform the Perch community that we are fully aware of the threats posed and are taking proactive measures.

This advisory highlights the threat actors behind Trickbot and Ryuk. Trickbot is both the operator of a large botnet and the name for the malware that they deploy. Ryuk is a group operating one of the largest Ransomware-as-a-Service (RaaS) gangs in the world. Throughout 2020, these groups have become closely involved with each other. We are actively reviewing and threat hunting throughout all user data for any indications of compromise related to these threat actors.”

We strongly encourage all Perch community members to review the best practices and preventive measures outlined in the CISA report!

StorageCraft

“Healthcare’s Cybersecurity Problem: Since healthcare facilities have electronically protected health information (ePHI) for every patient in their care, it’s easy to see why they’d be a target for cyberattacks. What cyber villain wouldn’t want to get his or her hands on such large troves of sensitive data? While government regulations like the Health Insurance Portability and Accountability Act (HIPAA) require healthcare providers to beef up security—and threatens fines for those who don’t—there’s still a lot of room for improvement.

In fact, a report by Protenus revealed that 41 million patient records were breached in 2019. This year, even big healthcare industry names like Universal Health Services have been brought to their knees by sophisticated ransomware attacks.” View the original blog post for tips to fight back!

Barracuda

“Why healthcare is being targeted: Healthcare is a high-value target because the data is so important to the stakeholders. Hancock Health paid $55,000 to unlock their systems after a successful attack in August. Hackensack Meridian Health paid a ransom to unlock their systems after a five-day shutdown that caused at least 100 surgeries to be rescheduled. Some health systems have refused to pay a ransom, choosing instead to recover on their own.

In addition to the value of the data, there are foundational problems in healthcare systems that make them an attractive target.

• Legacy and Custom Equipment
• Unmanaged IT
• Compliance Distractions”

At Computers Nationwide, we strongly believe that an ounce of prevention is the best practice for protecting your business and private information from cyber attacks!

All healthcare organizations are encouraged to maintain business continuity plans that will keep them afloat during cyberattacks. Similar to everyone being required to wear masks and wash our hands extra during COVID-19, good IT hygiene strategies are vital for keeping your organization secure:

• cyber security training and best practices for employees and other end-users
• maintain updated systems, software, and firmware
• encrypt sensitive data
• regularly change passwords and use multi-factor authentication
• back up data often
• identify critical data assets and create backups offline;
• monitor remote access
• implement a cyberattack response plan
• implement a data recovery plan

Click here for CISA, FBI, and HHS combined list of best practices!

Is your facility ready to start taking proactive measures against cyber threats? Don’t wait until an attack happens – stop the cybercriminals in their tracks!

We want your business to thrive, employees to experience maximum up-time, and operate as efficiently as possible. Computers Nationwide is here to make sure your network’s security is automated, protected and on alert 24/7 during the pandemic and beyond!

As your preferred Managed Service Provider, we’re here to set you up with the strongest and most reliable Managed IT and Managed Cyber Security from our network partners. Let’s connect: (847) 419-9900.

Read our recent blog posts for more information:

• 10 Things Business Management Needs To Understand About Cybersecurity

• Cyber Hygiene Best Practices for a Secure IT Infrastructure

• Top 8 Cyber Security Blogs from Computers Nationwide