The healthcare industry is under siege as cybercriminals take advantage of the COVID-19 fueled stress to attack and compromise medical centers' data. Learn how to defend against these ransomware attacks, which have gained the Joint Cybersecurity Advisory's attention and should capture yours, too.
In a recent release, the Joint Cybersecurity Advisory, which consists of the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS), issued a warning to the Healthcare and Public Health Sector. The advisory was created to inform healthcare professionals of increasingly aggressive attacks by cybercriminals whose goal is to infect healthcare organizations' systems with ransomware and hold them hostage.
Ransomware occurs when an attacker uses malware to gain control of your systems and encrypt your data, making it inaccessible to you. Once your data is under their control, they hold it ‘hostage’ and demand that a ransom be paid before they release it; hence the ‘ransom’ in ‘ransomware.’ The first rule regarding ransomware is to not pay the ransom. There is no guarantee they will actually release your data, and once you pay them, they will likely target you again. The only real protection is having immaculate backups in place along with preventative controls.
Cybercriminals are well aware of the stress most healthcare systems are under as they address the COVID-19 pandemic. Attackers know that stress can lead to security best practices being relaxed. They use this to compromise healthcare systems and hold them hostage. They hope that, given the pandemic's challenges, many healthcare institutions would rather pay the ransom than risk losing valuable time trying to fight off the attack.
Most importantly, medical data is precious to cybercriminals because it contains a wealth of sensitive information that can be used for various nefarious schemes, including identity theft. Medical data is one of the more profitable types of data exchanged on the Dark Web. Attackers also know that healthcare organizations would be willing to pay to avoid the regulatory fines that come with a data breach.
When large institutions such as hospitals are attacked, the first assumption is that a coordinated cyberattack broke through their firewall and gained access to their systems. In reality, the attackers are using the most popular method of compromising a system: social engineering. Most malware comes in through seemingly benign phishing emails.
While phishing attacks are usually coordinated, they rely on stealth rather than brute force to access your system. Security controls are designed to resist brute force attacks; cyberattacks that capitalize on human error, like phishing, often fly under the radar.
According to the Joint Cybersecurity Advisory release, two malware families are currently being delivered via phishing to target healthcare organizations: TrickBot and BazarLoader/BazarBackdoor. However, system administrators should be wary of, and train their team to recognize, any phishing attempt.
Phishing attacks are effective because they exploit a person’s natural desire to be helpful, or to quietly fix their own mistakes. This can result in the person breaking protocol to solve a problem or correct an error. Once a target clicks on a link or provides credentials, the attacker can gain access and, in the case of a ransomware attack, gain control of the entire system and hold it hostage.
Phishing emails can appear as average, legitimate business correspondence about essential tasks requiring the recipient's attention. Due to the pandemic, your team may not be as vigilant at detecting these types of threats. A well-trained staff can help prevent ransomware from gaining a foothold.
Keep in mind that these are not the only ways that ransomware can be spread; they are just the tactics that have been observed recently.
Ransomware is only effective if your data is irreplaceable. As long as you can retrieve your data, the cybercriminal has no power over you or your business, provided that they can’t reach your backup copies directly. Here are some best practices to reduce the risk of ransomware and other cyber threats.
We can’t emphasize enough how critical it is to your organization to have a backup and disaster recovery (BDR) plan in place. BDR is more than just insurance for your data; it’s insurance for your business’ future. You need to have a plan if you want to have a chance of protecting your organization from a ransomware attack.
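A backup only protects you if it is actually complete and untouched when you need it. The following is an added example (not code from the advisory or from KT Connections) showing one way to check that: build a manifest of SHA-256 hashes when the backup is taken, store it separately, and later verify the copy against it, reporting files that are missing, modified, or unexpected. The directory layout, file names and the "encrypted" and ".locked" contents are constructed for the demonstration.

```python
"""Verify a backup set against a checksum manifest.

Added example, not from the advisory or KT Connections. The paths, file
names and file contents used in demo() are constructed sample data.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map every file under backup_root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for path in sorted(p for p in backup_root.rglob("*") if p.is_file()):
        manifest[path.relative_to(backup_root).as_posix()] = sha256_file(path)
    return manifest


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the files present now with the stored manifest.

    Returns {"missing": [...], "modified": [...], "unexpected": [...]}.
    Any non-empty list means this copy cannot be trusted for recovery.
    """
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(
            f for f in manifest if f in current and current[f] != manifest[f]
        ),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: take a manifest, then simulate a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        backup = base / "backup"
        (backup / "records").mkdir(parents=True)
        (backup / "records" / "patient_index.csv").write_bytes(
            b"id,name\n1,constructed sample\n"
        )
        (backup / "records" / "schedule.txt").write_bytes(
            b"constructed schedule data\n"
        )

        # Manifest taken at backup time; in practice store it off the
        # network that holds the backup so it cannot be altered alongside it.
        manifest = build_manifest(backup)
        (base / "manifest.json").write_text(json.dumps(manifest, indent=2))

        # Simulate what ransomware does to a reachable copy: overwrite one
        # file and rename another.
        (backup / "records" / "schedule.txt").write_bytes(b"\x00garbage\x00")
        (backup / "records" / "patient_index.csv").rename(
            backup / "records" / "patient_index.csv.locked"
        )

        stored = json.loads((base / "manifest.json").read_text())
        return verify_backup(backup, stored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run on a real backup, `build_manifest` would be called right after the backup job completes and the manifest written to a location the backup host cannot modify (offline media or a store with separate credentials); `verify_backup` then runs on a schedule and before any restore. The point of the design is that a copy which the attacker can reach is not a backup, so the check has to be performed from somewhere they cannot.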
The Ransomware Response Checklist is a great resource to help your team develop a plan; however, it is a generic one. South Dakota is a unique environment. For example, we have some of the most robust data security laws in the country, with fines up to $10,000 a day. To be HIPAA compliant in South Dakota, you will need a more personalized approach to cybersecurity.
South Dakota has a large number of rural clinics. These clinics are prime targets for this type of attack because hackers assume that rural hospitals are less likely to have robust security protocols in place due to their limited budgets. As such, this advisory contains critical information for our rural clinics and hospitals.
While this advisory is focused on the healthcare sector, all Rapid City businesses can and should take advantage of the warning it offers. Now is the time to develop not only a ransomware plan, but a plan to ensure your data can survive any disaster, whether man-made or natural.
KT Connections is Rapid City’s premier technology expert. We understand the needs of South Dakota businesses and offer a wide array of IT services and support. We’re well-versed in the healthcare sector's needs and offer services such as HIPAA compliance and Electronic Health Record systems (EMR).
As this notice shows, cybercriminals aren’t taking a break during this pandemic. While sometimes it’s better late than never, it can be too late to protect your system and data from a cyberattack. Now is the time to harden your organization against these types of attacks. Call KT Connections today at 888-891-4201 to schedule a consultation.