
A recent Becker’s healthcare article highlighted current cyber activity aimed at hospitals. COVID-19’s third wave of infections across the country has placed hospitals in the target zone of various cyber criminals.

The ransom demands in this outbreak far exceed prior demands for funds. There is evidence that some hospitals have been asked to pay millions of dollars.

In a joint alert sent Wednesday evening, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the U.S. Department of Health and Human Services (HHS) said they have “credible information” that cybercriminals are taking new aim at healthcare providers and public health agencies as the coronavirus pandemic reaches new heights.

WHY IT MATTERS

In their cybersecurity advisory, the agencies offer some detailed insights into the potential tactics that might be used by bad actors planning fresh incursions on the U.S. healthcare system as many hospitals are overrun with new COVID-19 patients.

“CISA, FBI and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” officials said. “Malicious cyber actors” may soon be planning to “infect systems with Ryuk ransomware for financial gain” on a scale not yet seen across the American healthcare system.

The agencies suggested hospitals, practices and public health organizations take “timely and reasonable precautions to protect their networks from these threats” – which they said include targeting with Trickbot malware, “often leading to ransomware attacks, data theft, and the disruption of healthcare services” just as hospitals are also hard-pressed to respond to a third wave of the COVID-19 crisis.

The FBI noticed new Trickbot modules grouped under the name Anchor in 2019, the agencies said, “which cyber actors typically used in attacks targeting high-profile victims.”

In addition to a long list of various technical attack techniques and indicators of compromise, CISA, FBI and HHS offered some basic suggestions for how hospitals and healthcare organizations can shore up their defenses to help protect against ransomware and other cyberattacks:

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix, due to having local administration disabled.
  • Continually change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multifactor authentication where possible.
  • Disable unused remote access/Remote Desktop Protocol ports and monitor remote access/RDP logs.

THE LARGER TREND

In a Wednesday blog post, respected cybersecurity expert Brian Krebs noted that he’d received a tip about “communications this week between cybercriminals affiliated with a Russian-speaking ransomware group known as Ryuk in which group members discussed plans to deploy ransomware at more than 400 healthcare facilities in the U.S.”

Many hospitals have already been targeted with Ryuk ransomware, of course, most notably the UHS attack a month ago that left hundreds of that health system’s hospitals hobbled. Most recently, a trio of hospitals in upstate New York this week reported system failures because of an apparent Ryuk attack. While officials at St. Lawrence Health System say patient data does not appear to have been compromised, the attack did disrupt communications and caused ambulances to be redirected away from some hospitals.

The last thing hospitals need right now is to worry that their technology support systems may be compromised by cyber activity. Hospital IT groups should follow the basic suggestions listed above and take any other preventive cybersecurity steps at their disposal.