Ransomware Activity Targeting the Healthcare and Public Health Sector
Alarming reports of cybercriminals targeting the healthcare sector with ransomware have caused widespread concern among healthcare providers. In a joint cybersecurity alert, the Federal Bureau of Investigation (FBI); the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) warned, “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The recent threats have once again stressed the need for more robust cybersecurity measures.
Various tools and techniques are being used to lure victims into unwittingly revealing protected health information (PHI). Clinicians and employees in the healthcare sector must stay vigilant. Cybercriminals are reportedly using phishing emails with links that seem to be legit emails to lure victims and hold their data or systems hostage until a ransom is paid to a bitcoin wallet. The emails include links to websites which host the malware which may also be sent via an email attachment.
Cybersecurity Alert Recommendations
Basic Cybersecurity Suggestions
- Update systems, software and firmware as soon as patches are released by manufacturers.
- Change passwords to networks and accounts regularly and avoid reusing passwords.
- Look out for phishing emails from cybercriminals that may look legit.
- Create a cyber-incident response plan to ensure continuity of service.
- Identify critical assets such as medical records, telehealth and telework infrastructure, and create offline backups.
- Maintain offline backups and undergo regular tests.
- Make sure you know who to contact in the case of a suspected cyberattack.
Business Continuity Plan
CISA, FBI, and HHS encourage healthcare providers to minimize service interruptions by implementing business continuity plans which aim to maintain essential functions through emergencies.
Note that in the case of a ransomware attack, paying the ransom does not guarantee getting your systems or data back. CISA, FBI, and HHS do not recommend paying the ransom. To prevent this potentially catastrophic event from happening, start implementing precautionary measures. For technical details and guidance visit this link.
Other Cybersecurity Considerations
- Separate sensitive data from email servers by using a dedicated or separate server
- Configure antivirus solutions to do regular scans and download new software updates.
- Inspect accounts with administrative privileges and try to limit access controls whenever possible.
- Focus on employee awareness to prevent them from falling prey to cyberattacks.
Your TBHI Professional Training Options
TBHI specializes in teaching you how to relax when delivering telehealth. It offers you a step-by-step learning path of online training that helps you be legally and ethically compliant, clinically proficient, and able to handle even the most difficult of clinical scenarios. All courses are evidence-based, available 24/7 through any device, and most count toward legal and ethical CME and CE requirements for licensure. Two micro certifications are also available.
- Cybersecurity – a quick, 1-hour discussion of the easy things you or your staff can do tomorrow to make your practice safer.
- Telehealth Group Therapy — Exciting, highly interactive telehealth learning experience designed to get answers to your questions about legally and ethically managing telehealth group therapy. Digital class will allow you to connect with colleagues ahead of time to ask questions and share answers. Distinguished faculty will lead you through telehealth group therapy theory and exercises.
- Telehealth Clinical Best Practices Workshop — Live, interactive webinar, w/ 4 CME or CE hours to discuss preventing and handling complex clinical issues.
- Course Catalog
- Micro Certifications to give you a broader range of legal and ethical grounding, and allow you to distinguish yourself as a TBHI-credentialed professional on your websites, in social media, directories and other areas.